2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_CONFIG_MACRO_DIR([m4])
18 AC_CONFIG_SRCDIR([ssh.c])
20 # Check for stale configure as early as possible.
21 for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22 if test "$i" -nt "$srcdir/configure"; then
23 AC_MSG_ERROR([$i newer than configure, run autoreconf])
29 AC_CONFIG_HEADERS([config.h])
30 AC_PROG_CC([cc gcc clang])
32 # XXX relax this after reimplementing logit() etc.
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35 int f(int a, int b, int c) { return a + b + c; }
36 #define F(a, ...) f(a, __VA_ARGS__)
37 ]], [[return F(1, 2, -3);]])],
38 [ AC_MSG_RESULT([yes]) ],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
45 # Checks for programs.
52 AC_CHECK_TOOLS([AR], [ar])
53 AC_PATH_PROG([CAT], [cat])
54 AC_PATH_PROG([KILL], [kill])
55 AC_PATH_PROG([SED], [sed])
56 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59 AC_PATH_PROG([SH], [bash])
60 AC_PATH_PROG([SH], [ksh])
61 AC_PATH_PROG([SH], [sh])
62 AC_PATH_PROG([GROFF], [groff])
63 AC_PATH_PROG([NROFF], [nroff awf])
64 AC_PATH_PROG([MANDOC], [mandoc])
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66 AC_SUBST([TEST_SHELL], [sh])
68 dnl select manpage formatter to be used to build "cat" format pages.
69 if test "x$MANDOC" != "x" ; then
71 elif test "x$NROFF" != "x" ; then
72 MANFMT="$NROFF -mandoc"
73 elif test "x$GROFF" != "x" ; then
74 MANFMT="$GROFF -mandoc -Tascii"
76 AC_MSG_WARN([no manpage formatter found])
82 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83 [/usr/sbin${PATH_SEPARATOR}/etc])
84 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85 [/usr/sbin${PATH_SEPARATOR}/etc])
86 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
87 if test -x /sbin/sh; then
88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
96 if test -z "$AR" ; then
97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
100 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101 if test ! -z "$PATH_PASSWD_PROG" ; then
102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103 [Full path of your "passwd" program])
106 dnl Since autoconf doesn't support it very well, we no longer allow users to
107 dnl override LD, however keeping the hook here for now in case there's a use
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
109 dnl reason is found we'll be removing this in future.
115 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118 #include <sys/types.h>
119 #include <sys/param.h>
120 #include <dev/systrace.h>
122 AC_CHECK_DECL([RLIMIT_NPROC],
123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124 #include <sys/types.h>
125 #include <sys/resource.h>
127 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128 #include <sys/types.h>
129 #include <linux/prctl.h>
134 AC_ARG_WITH([openssl],
135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
136 [ if test "x$withval" = "xno" ; then
142 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
143 if test "x$openssl" = "xyes" ; then
145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
150 use_stack_protector=1
151 use_toolchain_hardening=1
152 AC_ARG_WITH([stackprotect],
153 [ --without-stackprotect Don't use compiler's stack protection], [
154 if test "x$withval" = "xno"; then
155 use_stack_protector=0
157 AC_ARG_WITH([hardening],
158 [ --without-hardening Don't use toolchain hardening flags], [
159 if test "x$withval" = "xno"; then
160 use_toolchain_hardening=0
163 # We use -Werror for the tests only so that we catch warnings like "this is
164 # on by default" for things like -fPIE.
165 AC_MSG_CHECKING([if $CC supports -Werror])
166 saved_CFLAGS="$CFLAGS"
167 CFLAGS="$CFLAGS -Werror"
168 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
169 [ AC_MSG_RESULT([yes])
171 [ AC_MSG_RESULT([no])
174 CFLAGS="$saved_CFLAGS"
176 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
177 AC_MSG_CHECKING([gcc version])
178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
180 1.*) no_attrib_nonnull=1 ;;
184 2.*) no_attrib_nonnull=1 ;;
187 AC_MSG_RESULT([$GCC_VER])
189 AC_MSG_CHECKING([clang version])
191 if echo "$ver" | grep "Apple" >/dev/null; then
192 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \
193 $SED 's/.*clang version //g' | $AWK '{print $1}'`
195 CLANG_VER=`echo "$ver" | grep 'clang version' | \
196 $SED 's/.*clang version //g' | $AWK '{print $1}'`
198 AC_MSG_RESULT([$CLANG_VER])
200 OSSH_CHECK_CFLAG_COMPILE([-pipe])
201 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
202 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
203 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
204 OSSH_CHECK_CFLAG_COMPILE([-Wall])
205 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
206 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
207 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
208 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
209 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
210 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
211 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
212 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
213 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
214 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
215 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
216 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
217 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
218 if test "x$use_toolchain_hardening" = "x1"; then
219 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
220 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
221 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
222 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
223 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
224 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
225 # NB. -ftrapv expects certain support functions to be present in
226 # the compiler library (libgcc or similar) to detect integer operations
227 # that can overflow. We must check that the result of enabling it
228 # actually links. The test program compiled/linked includes a number
229 # of integer operations that should exercise this.
230 OSSH_CHECK_CFLAG_LINK([-ftrapv])
231 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
232 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
233 # https://github.com/llvm/llvm-project/issues/59242
234 # clang 17 has a different bug that causes an ICE when using this
235 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629)
237 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
239 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
241 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
244 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
245 saved_CFLAGS="$CFLAGS"
246 CFLAGS="$CFLAGS -fno-builtin-memset"
247 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
248 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
249 [ AC_MSG_RESULT([yes]) ],
250 [ AC_MSG_RESULT([no])
251 CFLAGS="$saved_CFLAGS" ]
254 # -fstack-protector-all doesn't always work for some GCC versions
255 # and/or platforms, so we test if we can. If it's not supported
256 # on a given platform gcc will emit a warning so we use -Werror.
257 if test "x$use_stack_protector" = "x1"; then
258 for t in -fstack-protector-strong -fstack-protector-all \
259 -fstack-protector; do
260 AC_MSG_CHECKING([if $CC supports $t])
261 saved_CFLAGS="$CFLAGS"
262 saved_LDFLAGS="$LDFLAGS"
263 CFLAGS="$CFLAGS $t -Werror"
264 LDFLAGS="$LDFLAGS $t -Werror"
268 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
272 snprintf(x, sizeof(x), "XXX%d", func(1));
274 [ AC_MSG_RESULT([yes])
275 CFLAGS="$saved_CFLAGS $t"
276 LDFLAGS="$saved_LDFLAGS $t"
277 AC_MSG_CHECKING([if $t works])
281 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
285 snprintf(x, sizeof(x), "XXX%d", func(1));
287 [ AC_MSG_RESULT([yes])
289 [ AC_MSG_RESULT([no]) ],
290 [ AC_MSG_WARN([cross compiling: cannot test])
294 [ AC_MSG_RESULT([no]) ]
296 CFLAGS="$saved_CFLAGS"
297 LDFLAGS="$saved_LDFLAGS"
301 if test -z "$have_llong_max"; then
302 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
303 unset ac_cv_have_decl_LLONG_MAX
304 saved_CFLAGS="$CFLAGS"
305 CFLAGS="$CFLAGS -std=gnu99"
306 AC_CHECK_DECL([LLONG_MAX],
308 [CFLAGS="$saved_CFLAGS"],
309 [#include <limits.h>]
314 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
318 __attribute__((__unused__)) static void foo(void){return;}]],
320 [ AC_MSG_RESULT([yes]) ],
321 [ AC_MSG_RESULT([no])
322 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
323 [compiler does not accept __attribute__ on return types]) ]
326 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
330 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
332 [ AC_MSG_RESULT([yes]) ],
333 [ AC_MSG_RESULT([no])
334 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
335 [compiler does not accept __attribute__ on prototype args]) ]
338 AC_MSG_CHECKING([if compiler supports variable length arrays])
340 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
341 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
342 [ AC_MSG_RESULT([yes])
343 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
344 [compiler supports variable length arrays]) ],
345 [ AC_MSG_RESULT([no]) ]
348 AC_MSG_CHECKING([if compiler accepts variable declarations after code])
350 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
351 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
352 [ AC_MSG_RESULT([yes])
353 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
354 [compiler variable declarations after code]) ],
355 [ AC_MSG_RESULT([no]) ]
358 if test "x$no_attrib_nonnull" != "x1" ; then
359 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
363 [ --without-rpath Disable auto-added -R linker paths],
365 if test "x$withval" = "xno" ; then
367 elif test "x$withval" = "xyes" ; then
375 # Allow user to specify flags
376 AC_ARG_WITH([cflags],
377 [ --with-cflags Specify additional flags to pass to compiler],
379 if test -n "$withval" && test "x$withval" != "xno" && \
380 test "x${withval}" != "xyes"; then
381 CFLAGS="$CFLAGS $withval"
386 AC_ARG_WITH([cflags-after],
387 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
389 if test -n "$withval" && test "x$withval" != "xno" && \
390 test "x${withval}" != "xyes"; then
391 CFLAGS_AFTER="$withval"
395 AC_ARG_WITH([cppflags],
396 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
398 if test -n "$withval" && test "x$withval" != "xno" && \
399 test "x${withval}" != "xyes"; then
400 CPPFLAGS="$CPPFLAGS $withval"
404 AC_ARG_WITH([ldflags],
405 [ --with-ldflags Specify additional flags to pass to linker],
407 if test -n "$withval" && test "x$withval" != "xno" && \
408 test "x${withval}" != "xyes"; then
409 LDFLAGS="$LDFLAGS $withval"
413 AC_ARG_WITH([ldflags-after],
414 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
416 if test -n "$withval" && test "x$withval" != "xno" && \
417 test "x${withval}" != "xyes"; then
418 LDFLAGS_AFTER="$withval"
423 [ --with-libs Specify additional libraries to link with],
425 if test -n "$withval" && test "x$withval" != "xno" && \
426 test "x${withval}" != "xyes"; then
427 LIBS="$LIBS $withval"
431 AC_ARG_WITH([Werror],
432 [ --with-Werror Build main code with -Werror],
434 if test -n "$withval" && test "x$withval" != "xno"; then
435 werror_flags="-Werror"
436 if test "x${withval}" != "xyes"; then
437 werror_flags="$withval"
443 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
444 dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we
445 dnl haven't detected it, recheck.
446 if test "x$ac_cv_header_sys_stat_h" != "xyes"; then
447 unset ac_cv_header_sys_stat_h
448 AC_CHECK_HEADERS([sys/stat.h])
485 security/pam_appl.h \
531 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
532 # to be included first.
533 AC_CHECK_HEADERS([sys/audit.h], [], [], [
534 #ifdef HAVE_SYS_TIME_H
535 # include <sys/time.h>
537 #ifdef HAVE_SYS_TYPES_H
538 # include <sys/types.h>
540 #ifdef HAVE_SYS_LABEL_H
541 # include <sys/label.h>
545 # sys/capsicum.h requires sys/types.h
546 AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
547 #ifdef HAVE_SYS_TYPES_H
548 # include <sys/types.h>
552 AC_MSG_CHECKING([for caph_cache_tzdata])
554 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
555 [[caph_cache_tzdata();]])],
558 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
559 [Define if you have caph_cache_tzdata])
561 [ AC_MSG_RESULT([no]) ]
564 # net/route.h requires sys/socket.h and sys/types.h.
565 # sys/sysctl.h also requires sys/param.h
566 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
567 #ifdef HAVE_SYS_TYPES_H
568 # include <sys/types.h>
570 #include <sys/param.h>
571 #include <sys/socket.h>
574 # lastlog.h requires sys/time.h to be included first on Solaris
575 AC_CHECK_HEADERS([lastlog.h], [], [], [
576 #ifdef HAVE_SYS_TIME_H
577 # include <sys/time.h>
581 # sys/ptms.h requires sys/stream.h to be included first on Solaris
582 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
583 #ifdef HAVE_SYS_STREAM_H
584 # include <sys/stream.h>
588 # login_cap.h requires sys/types.h on NetBSD
589 AC_CHECK_HEADERS([login_cap.h], [], [], [
590 #include <sys/types.h>
593 # older BSDs need sys/param.h before sys/mount.h
594 AC_CHECK_HEADERS([sys/mount.h], [], [], [
595 #include <sys/param.h>
598 # Android requires sys/socket.h to be included before sys/un.h
599 AC_CHECK_HEADERS([sys/un.h], [], [], [
600 #include <sys/types.h>
601 #include <sys/socket.h>
604 # Messages for features tested for in target-specific section
610 # Support for Solaris/Illumos privileges (this test is used by both
611 # the --with-solaris-privs option and --with-sandbox=solaris).
614 # Check for some target-specific stuff
617 # Some versions of VAC won't allow macro redefinitions at
618 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
619 # particularly with older versions of vac or xlc.
620 # It also throws errors about null macro arguments, but these are
622 AC_MSG_CHECKING([if compiler allows macro redefinitions])
625 #define testmacro foo
626 #define testmacro bar]],
628 [ AC_MSG_RESULT([yes]) ],
629 [ AC_MSG_RESULT([no])
630 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
631 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
632 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
636 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
637 if (test -z "$blibpath"); then
638 blibpath="/usr/lib:/lib"
640 saved_LDFLAGS="$LDFLAGS"
641 if test "$GCC" = "yes"; then
642 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
644 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
646 for tryflags in $flags ;do
647 if (test -z "$blibflags"); then
648 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
649 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
650 [blibflags=$tryflags], [])
653 if (test -z "$blibflags"); then
654 AC_MSG_RESULT([not found])
655 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
657 AC_MSG_RESULT([$blibflags])
659 LDFLAGS="$saved_LDFLAGS"
660 dnl Check for authenticate. Might be in libs.a on older AIXes
661 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
662 [Define if you want to enable AIX4's authenticate function])],
663 [AC_CHECK_LIB([s], [authenticate],
664 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
668 dnl Check for various auth function declarations in headers.
669 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
670 passwdexpired, setauthdb], , , [#include <usersec.h>])
671 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
672 AC_CHECK_DECLS([loginfailed],
673 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
674 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
675 [[ (void)loginfailed("user","host","tty",0); ]])],
676 [AC_MSG_RESULT([yes])
677 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
678 [Define if your AIX loginfailed() function
679 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
682 [#include <usersec.h>]
684 AC_CHECK_FUNCS([getgrset setauthdb])
685 AC_CHECK_DECL([F_CLOSEM],
686 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
688 [ #include <limits.h>
691 check_for_aix_broken_getaddrinfo=1
692 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
693 [Define if your platform breaks doing a seteuid before a setuid])
694 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
695 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
696 dnl AIX handles lastlog as part of its login message
697 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
698 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
699 [Some systems need a utmpx entry for /bin/login to work])
700 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
701 [Define to a Set Process Title type if your system is
702 supported by bsd-setproctitle.c])
703 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
704 [AIX 5.2 and 5.3 (and presumably newer) require this])
705 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
706 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
707 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
708 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
711 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
712 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
715 LIBS="$LIBS /usr/lib/textreadmode.o"
716 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
717 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
718 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
719 [Define to disable UID restoration test])
720 AC_DEFINE([DISABLE_SHADOW], [1],
721 [Define if you want to disable shadow passwords])
722 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
723 [Define if X11 doesn't support AF_UNIX sockets on that system])
724 AC_DEFINE([DISABLE_FD_PASSING], [1],
725 [Define if your platform needs to skip post auth
726 file descriptor passing])
727 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
728 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
729 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
730 # reasons which cause compile warnings, so we disable those warnings.
731 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
734 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
735 [Define if your system choked on IP TOS setting])
736 AC_DEFINE([SETEUID_BREAKS_SETUID])
737 AC_DEFINE([BROKEN_SETREUID])
738 AC_DEFINE([BROKEN_SETREGID])
742 AC_MSG_CHECKING([if we have working getaddrinfo])
743 AC_RUN_IFELSE([AC_LANG_SOURCE([[
744 #include <mach-o/dyld.h>
746 int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
752 [AC_MSG_RESULT([working])],
753 [AC_MSG_RESULT([buggy])
754 AC_DEFINE([BROKEN_GETADDRINFO], [1],
755 [getaddrinfo is broken (if present)])
757 [AC_MSG_RESULT([assume it is working])])
758 AC_DEFINE([SETEUID_BREAKS_SETUID])
759 AC_DEFINE([BROKEN_SETREUID])
760 AC_DEFINE([BROKEN_SETREGID])
761 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
762 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
763 [Define if your resolver libs need this for getrrsetbyname])
764 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
765 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
766 [Use tunnel device compatibility to OpenBSD])
767 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
768 [Prepend the address family to IP tunnel traffic])
769 m4_pattern_allow([AU_IPv])
770 AC_CHECK_DECL([AU_IPv4], [],
771 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
772 [#include <bsm/audit.h>]
773 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
774 [Define if pututxline updates lastlog too])
776 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
777 [Define to a Set Process Title type if your system is
778 supported by bsd-setproctitle.c])
779 AC_CHECK_FUNCS([sandbox_init])
780 AC_CHECK_HEADERS([sandbox.h])
781 AC_CHECK_LIB([sandbox], [sandbox_apply], [
782 SSHDLIBS="$SSHDLIBS -lsandbox"
784 # proc_pidinfo()-based closefrom() replacement.
785 AC_CHECK_HEADERS([libproc.h])
786 AC_CHECK_FUNCS([proc_pidinfo])
787 # poll(2) is broken for character-special devices (at least).
788 # cf. Apple bug 3710161 (not public, but searchable)
789 AC_DEFINE([BROKEN_POLL], [1],
790 [System poll(2) implementation is broken])
794 TEST_MALLOC_OPTIONS="AFGJPRX"
798 CFLAGS="$CFLAGS -D_BSD_SOURCE"
799 AC_CHECK_LIB([network], [socket])
800 AC_DEFINE([HAVE_U_INT64_T])
801 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
805 # first we define all of the options common to all HP-UX releases
806 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
807 IPADDR_IN_DISPLAY=yes
808 AC_DEFINE([USE_PIPES])
809 AC_DEFINE([LOGIN_NEEDS_UTMPX])
810 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
811 [String used in /etc/passwd to denote locked account])
812 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
813 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
816 AC_CHECK_LIB([xnet], [t_error], ,
817 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
819 # next, we define all of the options specific to major releases
822 if test -z "$GCC"; then
825 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
828 AC_DEFINE([PAM_SUN_CODEBASE], [1],
829 [Define if you are using Solaris-derived PAM which
830 passes pam_messages to the conversation function
831 with an extra level of indirection])
832 AC_DEFINE([DISABLE_UTMP], [1],
833 [Define if you don't want to use utmp])
834 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
835 check_for_hpux_broken_getaddrinfo=1
836 check_for_conflicting_getspnam=1
840 # lastly, we define options specific to minor releases
843 AC_DEFINE([HAVE_SECUREWARE], [1],
844 [Define if you have SecureWare-based
845 protected password database])
846 disable_ptmx_check=yes
852 PATH="$PATH:/usr/etc"
853 AC_DEFINE([BROKEN_INET_NTOA], [1],
854 [Define if you system's inet_ntoa is busted
855 (e.g. Irix gcc issue)])
856 AC_DEFINE([SETEUID_BREAKS_SETUID])
857 AC_DEFINE([BROKEN_SETREUID])
858 AC_DEFINE([BROKEN_SETREGID])
859 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
860 [Define if you shouldn't strip 'tty' from your
862 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
865 PATH="$PATH:/usr/etc"
866 AC_DEFINE([WITH_IRIX_ARRAY], [1],
867 [Define if you have/want arrays
868 (cluster-wide session management, not C arrays)])
869 AC_DEFINE([WITH_IRIX_PROJECT], [1],
870 [Define if you want IRIX project management])
871 AC_DEFINE([WITH_IRIX_AUDIT], [1],
872 [Define if you want IRIX audit trails])
873 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
874 [Define if you want IRIX kernel jobs])])
875 AC_DEFINE([BROKEN_INET_NTOA])
876 AC_DEFINE([SETEUID_BREAKS_SETUID])
877 AC_DEFINE([BROKEN_SETREUID])
878 AC_DEFINE([BROKEN_SETREGID])
879 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
880 AC_DEFINE([WITH_ABBREV_NO_TTY])
881 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
883 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
884 AC_DEFINE([PAM_TTY_KLUDGE])
885 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
886 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
887 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
888 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
893 check_for_openpty_ctty_bug=1
894 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
895 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
896 dnl _GNU_SOURCE is needed for setres*id prototypes.
897 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
898 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
899 AC_DEFINE([PAM_TTY_KLUDGE], [1],
900 [Work around problematic Linux PAM modules handling of PAM_TTY])
901 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
902 [String used in /etc/passwd to denote locked account])
903 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
904 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
905 [Define to whatever link() returns for "not supported"
906 if it doesn't return EOPNOTSUPP.])
907 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
908 AC_DEFINE([USE_BTMP])
909 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
910 inet6_default_4in6=yes
913 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
914 [Define if cmsg_type is not passed correctly])
917 # tun(4) forwarding compat code
918 AC_CHECK_HEADERS([linux/if_tun.h])
919 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
920 AC_DEFINE([SSH_TUN_LINUX], [1],
921 [Open tunnel devices the Linux tun/tap way])
922 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
923 [Use tunnel device compatibility to OpenBSD])
924 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
925 [Prepend the address family to IP tunnel traffic])
927 AC_CHECK_HEADER([linux/if.h],
928 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
929 [Support routing domains using Linux VRF]), [], [
930 #ifdef HAVE_SYS_TYPES_H
931 # include <sys/types.h>
934 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
935 [], [#include <linux/types.h>])
939 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
940 #if _MIPS_SIM != _ABIO32
943 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
944 #if _MIPS_SIM != _ABIN32
947 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
948 #if _MIPS_SIM != _ABI64
951 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
957 AC_MSG_CHECKING([for seccomp architecture])
961 seccomp_audit_arch=AUDIT_ARCH_X86_64
964 seccomp_audit_arch=AUDIT_ARCH_I386
967 seccomp_audit_arch=AUDIT_ARCH_ARM
970 seccomp_audit_arch=AUDIT_ARCH_AARCH64
973 seccomp_audit_arch=AUDIT_ARCH_S390X
976 seccomp_audit_arch=AUDIT_ARCH_S390
979 seccomp_audit_arch=AUDIT_ARCH_PPC
982 seccomp_audit_arch=AUDIT_ARCH_PPC64
985 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
988 seccomp_audit_arch=AUDIT_ARCH_MIPS
991 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
996 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
999 seccomp_audit_arch=AUDIT_ARCH_MIPS64
1006 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
1009 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
1014 seccomp_audit_arch=AUDIT_ARCH_RISCV64
1017 if test "x$seccomp_audit_arch" != "x" ; then
1018 AC_MSG_RESULT(["$seccomp_audit_arch"])
1019 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
1020 [Specify the system call convention in use])
1022 AC_MSG_RESULT([architecture not supported])
1026 AC_DEFINE([SETEUID_BREAKS_SETUID])
1027 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
1028 AC_DEFINE([BROKEN_POLL], [1],
1029 [System poll(2) implementation is broken])
1031 mips-sony-bsd|mips-sony-newsos4)
1032 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1036 if test "x$withval" != "xno" ; then
1039 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1040 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1041 AC_CHECK_HEADER([net/if_tap.h], ,
1042 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1043 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1044 [Prepend the address family to IP tunnel traffic])
1045 TEST_MALLOC_OPTIONS="AJRX"
1046 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1047 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1050 SKIP_DISABLE_LASTLOG_DEFINE=yes
1051 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1052 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1053 AC_CHECK_HEADER([net/if_tap.h], ,
1054 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1055 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1056 TEST_MALLOC_OPTIONS="AJRX"
1057 # Preauth crypto occasionally uses file descriptors for crypto offload
1058 # and will crash if they cannot be opened.
1059 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1060 [define if setrlimit RLIMIT_NOFILE breaks things])
1062 *-*-freebsd9.*|*-*-freebsd10.*)
1063 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1064 disable_capsicum=yes
1068 AC_DEFINE([SETEUID_BREAKS_SETUID])
1069 AC_DEFINE([BROKEN_SETREUID])
1070 AC_DEFINE([BROKEN_SETREGID])
1073 conf_lastlog_location="/usr/adm/lastlog"
1074 conf_utmp_location=/etc/utmp
1075 conf_wtmp_location=/usr/adm/wtmp
1076 maildir=/usr/spool/mail
1077 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1078 AC_DEFINE([USE_PIPES])
1079 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1083 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1084 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1085 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1086 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1087 [syslog_r function is safe to use in in a signal handler])
1088 TEST_MALLOC_OPTIONS="AFGJPRX"
1091 if test "x$withval" != "xno" ; then
1094 AC_DEFINE([PAM_SUN_CODEBASE])
1095 AC_DEFINE([LOGIN_NEEDS_UTMPX])
1096 AC_DEFINE([PAM_TTY_KLUDGE])
1097 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1098 [Define if pam_chauthtok wants real uid set
1099 to the unpriv'ed user])
1100 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1101 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1102 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1103 [Define if sshd somehow reacquires a controlling TTY
1105 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1106 in case the name is longer than 8 chars])
1107 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1108 external_path_file=/etc/default/login
1109 # hardwire lastlog location (can't detect it on some versions)
1110 conf_lastlog_location="/var/adm/lastlog"
1111 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1112 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1113 if test "$sol2ver" -ge 8; then
1114 AC_MSG_RESULT([yes])
1115 AC_DEFINE([DISABLE_UTMP])
1116 AC_DEFINE([DISABLE_WTMP], [1],
1117 [Define if you don't want to use wtmp])
1121 AC_CHECK_FUNCS([setpflags])
1122 AC_CHECK_FUNCS([setppriv])
1123 AC_CHECK_FUNCS([priv_basicset])
1124 AC_CHECK_HEADERS([priv.h])
1125 AC_ARG_WITH([solaris-contracts],
1126 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1128 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1129 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1130 [Define if you have Solaris process contracts])
1131 LIBS="$LIBS -lcontract"
1135 AC_ARG_WITH([solaris-projects],
1136 [ --with-solaris-projects Enable Solaris projects (experimental)],
1138 AC_CHECK_LIB([project], [setproject],
1139 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1140 [Define if you have Solaris projects])
1141 LIBS="$LIBS -lproject"
1145 AC_ARG_WITH([solaris-privs],
1146 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1148 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1149 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1150 "x$ac_cv_header_priv_h" = "xyes" ; then
1152 AC_MSG_RESULT([found])
1153 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1154 [Define to disable UID restoration test])
1155 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1156 [Define if you have Solaris privileges])
1159 AC_MSG_RESULT([not found])
1160 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1164 TEST_SHELL=$SHELL # let configure find us a capable shell
1167 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1168 AC_CHECK_FUNCS([getpwanam])
1169 AC_DEFINE([PAM_SUN_CODEBASE])
1170 conf_utmp_location=/etc/utmp
1171 conf_wtmp_location=/var/adm/wtmp
1172 conf_lastlog_location=/var/adm/lastlog
1173 AC_DEFINE([USE_PIPES])
1174 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1178 AC_DEFINE([USE_PIPES])
1179 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1180 AC_DEFINE([SETEUID_BREAKS_SETUID])
1181 AC_DEFINE([BROKEN_SETREUID])
1182 AC_DEFINE([BROKEN_SETREGID])
1185 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1186 AC_CHECK_LIB([dl], [dlsym], ,)
1187 # -lresolv needs to be at the end of LIBS or DNS lookups break
1188 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1189 IPADDR_IN_DISPLAY=yes
1190 AC_DEFINE([USE_PIPES])
1191 AC_DEFINE([IP_TOS_IS_BROKEN])
1192 AC_DEFINE([SETEUID_BREAKS_SETUID])
1193 AC_DEFINE([BROKEN_SETREUID])
1194 AC_DEFINE([BROKEN_SETREGID])
1195 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1196 external_path_file=/etc/default/login
1197 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1198 # Attention: always take care to bind libsocket and libnsl before libc,
1199 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1201 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1203 AC_DEFINE([USE_PIPES])
1204 AC_DEFINE([SETEUID_BREAKS_SETUID])
1205 AC_DEFINE([BROKEN_SETREUID])
1206 AC_DEFINE([BROKEN_SETREGID])
1207 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1208 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1209 TEST_SHELL=$SHELL # let configure find us a capable shell
1211 # UnixWare 7.x, OpenUNIX 8
1213 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1214 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1215 AC_DEFINE([USE_PIPES])
1216 AC_DEFINE([SETEUID_BREAKS_SETUID])
1217 AC_DEFINE([BROKEN_GETADDRINFO])
1218 AC_DEFINE([BROKEN_SETREUID])
1219 AC_DEFINE([BROKEN_SETREGID])
1220 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1221 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1222 TEST_SHELL=$SHELL # let configure find us a capable shell
1224 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1225 maildir=/var/spool/mail
1226 AC_DEFINE([BROKEN_UPDWTMPX])
1227 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1228 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1231 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1237 # SCO UNIX and OEM versions of SCO UNIX
1239 AC_MSG_ERROR("This Platform is no longer supported.")
1241 # SCO OpenServer 5.x
1243 if test -z "$GCC"; then
1244 CFLAGS="$CFLAGS -belf"
1246 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1248 AC_DEFINE([USE_PIPES])
1249 AC_DEFINE([HAVE_SECUREWARE])
1250 AC_DEFINE([DISABLE_SHADOW])
1251 AC_DEFINE([DISABLE_FD_PASSING])
1252 AC_DEFINE([SETEUID_BREAKS_SETUID])
1253 AC_DEFINE([BROKEN_GETADDRINFO])
1254 AC_DEFINE([BROKEN_SETREUID])
1255 AC_DEFINE([BROKEN_SETREGID])
1256 AC_DEFINE([WITH_ABBREV_NO_TTY])
1257 AC_DEFINE([BROKEN_UPDWTMPX])
1258 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1259 AC_CHECK_FUNCS([getluid setluid])
1261 TEST_SHELL=$SHELL # let configure find us a capable shell
1262 SKIP_DISABLE_LASTLOG_DEFINE=yes
1265 AC_MSG_CHECKING([for Digital Unix SIA])
1267 AC_ARG_WITH([osfsia],
1268 [ --with-osfsia Enable Digital Unix SIA],
1270 if test "x$withval" = "xno" ; then
1271 AC_MSG_RESULT([disabled])
1276 if test -z "$no_osfsia" ; then
1277 if test -f /etc/sia/matrix.conf; then
1278 AC_MSG_RESULT([yes])
1279 AC_DEFINE([HAVE_OSF_SIA], [1],
1280 [Define if you have Digital Unix Security
1281 Integration Architecture])
1282 AC_DEFINE([DISABLE_LOGIN], [1],
1283 [Define if you don't want to use your
1284 system's login() call])
1285 AC_DEFINE([DISABLE_FD_PASSING])
1286 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1290 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1291 [String used in /etc/passwd to denote locked account])
1294 AC_DEFINE([BROKEN_GETADDRINFO])
1295 AC_DEFINE([SETEUID_BREAKS_SETUID])
1296 AC_DEFINE([BROKEN_SETREUID])
1297 AC_DEFINE([BROKEN_SETREGID])
1298 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1302 AC_DEFINE([USE_PIPES])
1303 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1304 AC_DEFINE([DISABLE_LASTLOG])
1305 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1306 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1307 enable_etc_default_login=no # has incompatible /etc/default/login
1310 AC_DEFINE([DISABLE_FD_PASSING])
1316 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1317 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1318 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1319 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1320 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1321 # don't get a controlling tty.
1322 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1323 # On Ultrix some headers are not protected against multiple includes,
1324 # so we create wrappers and put it where the compiler will find it.
1325 AC_MSG_WARN([creating compat wrappers for headers])
1327 for header in netinet/ip.h netdb.h resolv.h; do
1328 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1330 #ifndef _SSH_COMPAT_${name}
1331 #define _SSH_COMPAT_${name}
1332 #include "/usr/include/${header}"
1339 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1340 AC_DEFINE([BROKEN_SETVBUF], [1],
1341 [LynxOS has broken setvbuf() implementation])
1345 AC_MSG_CHECKING([compiler and flags for sanity])
1346 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1347 [ AC_MSG_RESULT([yes]) ],
1350 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1352 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1355 dnl Checks for header files.
1356 # Checks for libraries.
1357 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1359 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1360 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1361 AC_CHECK_LIB([gen], [dirname], [
1362 AC_CACHE_CHECK([for broken dirname],
1363 ac_cv_have_broken_dirname, [
1372 int main(int argc, char **argv) {
1375 strncpy(buf,"/etc", 32);
1377 if (!s || strncmp(s, "/", 32) != 0) {
1384 [ ac_cv_have_broken_dirname="no" ],
1385 [ ac_cv_have_broken_dirname="yes" ],
1386 [ ac_cv_have_broken_dirname="no" ],
1390 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1392 AC_DEFINE([HAVE_DIRNAME])
1393 AC_CHECK_HEADERS([libgen.h])
1398 AC_CHECK_FUNC([getspnam], ,
1399 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1400 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1401 [Define if you have the basename function.])])
1403 dnl zlib defaults to enabled
1406 [ --with-zlib=PATH Use zlib in PATH],
1407 [ if test "x$withval" = "xno" ; then
1409 elif test "x$withval" != "xyes"; then
1410 if test -d "$withval/lib"; then
1411 if test -n "${rpath_opt}"; then
1412 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1414 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1417 if test -n "${rpath_opt}"; then
1418 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1420 LDFLAGS="-L${withval} ${LDFLAGS}"
1423 if test -d "$withval/include"; then
1424 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1426 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1431 # These libraries are needed for anything that links in the channel code.
1433 AC_MSG_CHECKING([for zlib])
1434 if test "x${zlib}" = "xno"; then
1438 CHANNELLIBS="$CHANNELLIBS -lz"
1439 AC_MSG_RESULT([yes])
1440 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1441 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1442 AC_CHECK_LIB([z], [deflate], [],
1444 saved_CPPFLAGS="$CPPFLAGS"
1445 saved_LDFLAGS="$LDFLAGS"
1446 dnl Check default zlib install dir
1447 if test -n "${rpath_opt}"; then
1448 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1450 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1452 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1453 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1455 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1461 AC_ARG_WITH([zlib-version-check],
1462 [ --without-zlib-version-check Disable zlib version check],
1463 [ if test "x$withval" = "xno" ; then
1464 zlib_check_nonfatal=1
1469 AC_MSG_CHECKING([for possibly buggy zlib])
1470 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1476 int a=0, b=0, c=0, d=0, n, v;
1477 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1480 v = a*1000000 + b*10000 + c*100 + d;
1481 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1484 if (a == 1 && b == 1 && c >= 4)
1487 /* 1.2.3 and up are OK */
1493 AC_MSG_RESULT([no]),
1494 [ AC_MSG_RESULT([yes])
1495 if test -z "$zlib_check_nonfatal" ; then
1496 AC_MSG_ERROR([*** zlib too old - check config.log ***
1497 Your reported zlib version has known security problems. It's possible your
1498 vendor has fixed these problems without changing the version number. If you
1499 are sure this is the case, you can disable the check by running
1500 "./configure --without-zlib-version-check".
1501 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1502 See http://www.gzip.org/zlib/ for details.])
1504 AC_MSG_WARN([zlib version may have security problems])
1507 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1513 AC_CHECK_FUNC([strcasecmp],
1514 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1516 AC_CHECK_FUNCS([utimes],
1517 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1518 LIBS="$LIBS -lc89"]) ]
1521 dnl Checks for libutil functions
1522 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1523 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1524 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1525 AC_SEARCH_LIBS([login], [util bsd])
1526 AC_SEARCH_LIBS([logout], [util bsd])
1527 AC_SEARCH_LIBS([logwtmp], [util bsd])
1528 AC_SEARCH_LIBS([openpty], [util bsd])
1529 AC_SEARCH_LIBS([updwtmp], [util bsd])
1530 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1532 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1534 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1535 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1537 # Some Linux distribtions ship the BSD libc hashing functions in
1538 # separate libraries.
1539 AC_SEARCH_LIBS([SHA256Update], [md bsd])
1541 # "Particular Function Checks"
1542 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1546 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1547 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1550 [[ #include <stdlib.h> ]],
1551 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1553 [ func_calloc_0_nonnull=yes ],
1554 [ func_calloc_0_nonnull=no ],
1555 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1556 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1558 AC_MSG_RESULT([$func_calloc_0_nonnull])
1560 if test "x$func_calloc_0_nonnull" = "xyes"; then
1561 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1563 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1564 AC_DEFINE(calloc, rpl_calloc,
1565 [Define to rpl_calloc if the replacement function should be used.])
1568 # Check for ALTDIRFUNC glob() extension
1569 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1570 AC_EGREP_CPP([FOUNDIT],
1573 #ifdef GLOB_ALTDIRFUNC
1578 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1579 [Define if your system glob() function has
1580 the GLOB_ALTDIRFUNC extension])
1581 AC_MSG_RESULT([yes])
1588 # Check for g.gl_matchc glob() extension
1589 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1590 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1591 [[ glob_t g; g.gl_matchc = 1; ]])],
1593 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1594 [Define if your system glob() function has
1595 gl_matchc options in glob_t])
1596 AC_MSG_RESULT([yes])
1601 # Check for g.gl_statv glob() extension
1602 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1603 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1604 #ifndef GLOB_KEEPSTAT
1605 #error "glob does not support GLOB_KEEPSTAT extension"
1611 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1612 [Define if your system glob() function has
1613 gl_statv options in glob_t])
1614 AC_MSG_RESULT([yes])
1620 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1622 AC_CHECK_DECL([VIS_ALL], ,
1623 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1625 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1628 #include <sys/types.h>
1634 exit(sizeof(d.d_name)<=sizeof(char));
1636 [AC_MSG_RESULT([yes])],
1639 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1640 [Define if your struct dirent expects you to
1641 allocate extra space for d_name])
1644 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1645 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1649 AC_MSG_CHECKING([for /proc/pid/fd directory])
1650 if test -d "/proc/$$/fd" ; then
1651 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1652 AC_MSG_RESULT([yes])
1657 # Check whether user wants TCP wrappers support
1659 AC_ARG_WITH([tcp-wrappers],
1660 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1662 if test "x$withval" != "xno" ; then
1664 saved_LDFLAGS="$LDFLAGS"
1665 saved_CPPFLAGS="$CPPFLAGS"
1666 if test -n "${withval}" && \
1667 test "x${withval}" != "xyes"; then
1668 if test -d "${withval}/lib"; then
1669 if test -n "${need_dash_r}"; then
1670 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1672 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1675 if test -n "${need_dash_r}"; then
1676 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1678 LDFLAGS="-L${withval} ${LDFLAGS}"
1681 if test -d "${withval}/include"; then
1682 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1684 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1688 AC_MSG_CHECKING([for libwrap])
1689 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1690 #include <sys/types.h>
1691 #include <sys/socket.h>
1692 #include <netinet/in.h>
1694 int deny_severity = 0, allow_severity = 0;
1698 AC_MSG_RESULT([yes])
1699 AC_DEFINE([LIBWRAP], [1],
1701 TCP Wrappers support])
1702 SSHDLIBS="$SSHDLIBS -lwrap"
1705 AC_MSG_ERROR([*** libwrap missing])
1712 # Check whether user wants to use ldns
1715 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1718 if test "x$withval" = "xyes" ; then
1719 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1720 if test "x$LDNSCONFIG" = "xno"; then
1724 LIBS="$LIBS `$LDNSCONFIG --libs`"
1725 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1728 elif test "x$withval" != "xno" ; then
1729 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1730 LDFLAGS="$LDFLAGS -L${withval}/lib"
1735 # Verify that it works.
1736 if test "x$ldns" = "xyes" ; then
1737 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1739 AC_MSG_CHECKING([for ldns support])
1744 #ifdef HAVE_STDINT_H
1745 # include <stdint.h>
1747 #include <ldns/ldns.h>
1748 int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1751 [AC_MSG_RESULT(yes)],
1754 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1759 # Check whether user wants libedit support
1761 AC_ARG_WITH([libedit],
1762 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1763 [ if test "x$withval" != "xno" ; then
1764 if test "x$withval" = "xyes" ; then
1765 if test "x$PKGCONFIG" != "xno"; then
1766 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1767 if "$PKGCONFIG" libedit; then
1768 AC_MSG_RESULT([yes])
1769 use_pkgconfig_for_libedit=yes
1775 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1776 if test -n "${rpath_opt}"; then
1777 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1779 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1782 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1783 LIBEDIT=`$PKGCONFIG --libs libedit`
1784 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1786 LIBEDIT="-ledit -lcurses"
1788 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1789 AC_CHECK_LIB([edit], [el_init],
1790 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1794 [ AC_MSG_ERROR([libedit not found]) ],
1797 AC_MSG_CHECKING([if libedit version is compatible])
1800 #include <histedit.h>
1805 el_init("", NULL, NULL, NULL);
1808 [ AC_MSG_RESULT([yes]) ],
1809 [ AC_MSG_RESULT([no])
1810 AC_MSG_ERROR([libedit version is not compatible]) ]
1816 AC_ARG_WITH([audit],
1817 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1819 AC_MSG_CHECKING([for supported audit module])
1822 AC_MSG_RESULT([bsm])
1824 dnl Checks for headers, libs and functions
1825 AC_CHECK_HEADERS([bsm/audit.h], [],
1826 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1833 AC_CHECK_LIB([bsm], [getaudit], [],
1834 [AC_MSG_ERROR([BSM enabled and required library not found])])
1835 AC_CHECK_FUNCS([getaudit], [],
1836 [AC_MSG_ERROR([BSM enabled and required function not found])])
1837 # These are optional
1838 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1839 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1840 if test "$sol2ver" -ge 11; then
1841 SSHDLIBS="$SSHDLIBS -lscf"
1842 AC_DEFINE([BROKEN_BSM_API], [1],
1843 [The system has incomplete BSM API])
1847 AC_MSG_RESULT([linux])
1849 dnl Checks for headers, libs and functions
1850 AC_CHECK_HEADERS([libaudit.h])
1851 SSHDLIBS="$SSHDLIBS -laudit"
1852 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1856 AC_MSG_RESULT([debug])
1857 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1863 AC_MSG_ERROR([Unknown audit module $withval])
1869 [ --with-pie Build Position Independent Executables if possible], [
1870 if test "x$withval" = "xno"; then
1873 if test "x$withval" = "xyes"; then
1878 if test "x$use_pie" = "x"; then
1881 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1882 # Turn off automatic PIE when toolchain hardening is off.
1885 if test "x$use_pie" = "xauto"; then
1886 # Automatic PIE requires gcc >= 4.x
1887 AC_MSG_CHECKING([for gcc >= 4.x])
1888 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1889 #if !defined(__GNUC__) || __GNUC__ < 4
1890 #error gcc is too old
1893 [ AC_MSG_RESULT([yes]) ],
1894 [ AC_MSG_RESULT([no])
1898 if test "x$use_pie" != "xno"; then
1899 SAVED_CFLAGS="$CFLAGS"
1900 SAVED_LDFLAGS="$LDFLAGS"
1901 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1902 OSSH_CHECK_LDFLAG_LINK([-pie])
1903 # We use both -fPIE and -pie or neither.
1904 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1905 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1906 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1907 AC_MSG_RESULT([yes])
1910 CFLAGS="$SAVED_CFLAGS"
1911 LDFLAGS="$SAVED_LDFLAGS"
1915 AC_MSG_CHECKING([whether -fPIC is accepted])
1916 SAVED_CFLAGS="$CFLAGS"
1917 CFLAGS="$CFLAGS -fPIC"
1919 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1920 [AC_MSG_RESULT([yes])
1922 [AC_MSG_RESULT([no])
1924 CFLAGS="$SAVED_CFLAGS"
1927 dnl Checks for library functions. Please keep in alphabetical order
1931 Blowfish_initstate \
1932 Blowfish_expandstate \
1933 Blowfish_expand0state \
1934 Blowfish_stream2word \
2073 AC_CHECK_DECLS([bzero, memmem])
2075 dnl Wide character support.
2076 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2078 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2079 AC_MSG_CHECKING([for utf8 locale support])
2085 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2093 AC_MSG_WARN([cross compiling: assuming yes])
2098 [[ #include <ctype.h> ]],
2099 [[ return (isblank('a')); ]])],
2100 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2104 AC_ARG_ENABLE([pkcs11],
2105 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2107 if test "x$enableval" = "xno" ; then
2114 AC_ARG_ENABLE([security-key],
2115 [ --disable-security-key disable U2F/FIDO support code [no]],
2117 if test "x$enableval" = "xno" ; then
2123 AC_ARG_WITH([security-key-builtin],
2124 [ --with-security-key-builtin include builtin U2F/FIDO support],
2125 [ enable_sk_internal=$withval ]
2128 AC_SEARCH_LIBS([dlopen], [dl])
2129 AC_CHECK_FUNCS([dlopen])
2130 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2132 # IRIX has a const char return value for gai_strerror()
2133 AC_CHECK_FUNCS([gai_strerror], [
2134 AC_DEFINE([HAVE_GAI_STRERROR])
2135 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2136 #include <sys/types.h>
2137 #include <sys/socket.h>
2140 const char *gai_strerror(int);
2143 str = gai_strerror(0);
2145 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2146 [Define if gai_strerror() returns const char *])], [])])
2148 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2149 [Some systems put nanosleep outside of libc])])
2151 AC_SEARCH_LIBS([clock_gettime], [rt],
2152 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2154 dnl check if we need -D_REENTRANT for localtime_r declaration.
2155 AC_CHECK_DECL([localtime_r], [],
2156 [ saved_CPPFLAGS="$CPPFLAGS"
2157 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2158 unset ac_cv_have_decl_localtime_r
2159 AC_CHECK_DECL([localtime_r], [],
2160 [ CPPFLAGS="$saved_CPPFLAGS" ],
2161 [ #include <time.h> ]
2164 [ #include <time.h> ]
2167 dnl Make sure prototypes are defined for these before using them.
2168 AC_CHECK_DECL([strsep],
2169 [AC_CHECK_FUNCS([strsep])],
2172 #ifdef HAVE_STRING_H
2173 # include <string.h>
2177 dnl tcsendbreak might be a macro
2178 AC_CHECK_DECL([tcsendbreak],
2179 [AC_DEFINE([HAVE_TCSENDBREAK])],
2180 [AC_CHECK_FUNCS([tcsendbreak])],
2181 [#include <termios.h>]
2184 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2186 AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2188 #include <sys/types.h>
2189 #include <sys/socket.h>
2193 AC_CHECK_DECLS([O_NONBLOCK], , ,
2195 #include <sys/types.h>
2196 #ifdef HAVE_SYS_STAT_H
2197 # include <sys/stat.h>
2204 AC_CHECK_DECLS([ftruncate, getentropy], , ,
2206 #include <sys/types.h>
2210 AC_CHECK_DECLS([readv, writev], , , [
2211 #include <sys/types.h>
2212 #include <sys/uio.h>
2216 AC_CHECK_DECLS([MAXSYMLINKS], , , [
2217 #include <sys/param.h>
2220 AC_CHECK_DECLS([offsetof], , , [
2224 # extra bits for select(2)
2225 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2226 #include <sys/param.h>
2227 #include <sys/types.h>
2228 #ifdef HAVE_SYS_SYSMACROS_H
2229 #include <sys/sysmacros.h>
2231 #ifdef HAVE_SYS_SELECT_H
2232 #include <sys/select.h>
2234 #ifdef HAVE_SYS_TIME_H
2235 #include <sys/time.h>
2237 #ifdef HAVE_UNISTD_H
2241 AC_CHECK_TYPES([fd_mask], [], [], [[
2242 #include <sys/param.h>
2243 #include <sys/types.h>
2244 #ifdef HAVE_SYS_SELECT_H
2245 #include <sys/select.h>
2247 #ifdef HAVE_SYS_TIME_H
2248 #include <sys/time.h>
2250 #ifdef HAVE_UNISTD_H
2255 AC_CHECK_FUNCS([setresuid], [
2256 dnl Some platorms have setresuid that isn't implemented, test for this
2257 AC_MSG_CHECKING([if setresuid seems to work])
2271 [AC_MSG_RESULT([yes])],
2272 [AC_DEFINE([BROKEN_SETRESUID], [1],
2273 [Define if your setresuid() is broken])
2274 AC_MSG_RESULT([not implemented])],
2275 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2279 AC_CHECK_FUNCS([setresgid], [
2280 dnl Some platorms have setresgid that isn't implemented, test for this
2281 AC_MSG_CHECKING([if setresgid seems to work])
2295 [AC_MSG_RESULT([yes])],
2296 [AC_DEFINE([BROKEN_SETRESGID], [1],
2297 [Define if your setresgid() is broken])
2298 AC_MSG_RESULT([not implemented])],
2299 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2303 AC_MSG_CHECKING([for working fflush(NULL)])
2309 [[fflush(NULL); exit(0);]])],
2310 AC_MSG_RESULT([yes]),
2311 [AC_MSG_RESULT([no])
2312 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2313 [define if fflush(NULL) does not work])],
2314 AC_MSG_WARN([cross compiling: assuming working])
2317 dnl Checks for time functions
2318 AC_CHECK_FUNCS([gettimeofday time])
2319 dnl Checks for utmp functions
2320 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2321 AC_CHECK_FUNCS([utmpname])
2322 dnl Checks for utmpx functions
2323 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2324 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2325 dnl Checks for lastlog functions
2326 AC_CHECK_FUNCS([getlastlogxbyname])
2328 AC_CHECK_FUNC([daemon],
2329 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2330 [AC_CHECK_LIB([bsd], [daemon],
2331 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2334 AC_CHECK_FUNC([getpagesize],
2335 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2336 [Define if your libraries define getpagesize()])],
2337 [AC_CHECK_LIB([ucb], [getpagesize],
2338 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2341 # Check for broken snprintf
2342 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2343 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2351 snprintf(b,5,"123456789");
2354 [AC_MSG_RESULT([yes])],
2357 AC_DEFINE([BROKEN_SNPRINTF], [1],
2358 [Define if your snprintf is busted])
2359 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2361 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2365 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2366 AC_MSG_CHECKING([whether snprintf understands %zu])
2369 #include <sys/types.h>
2375 size_t a = 1, b = 2;
2377 snprintf(z, sizeof z, "%zu%zu", a, b);
2378 exit(strcmp(z, "12"));
2380 [AC_MSG_RESULT([yes])],
2383 AC_DEFINE([BROKEN_SNPRINTF], [1],
2384 [snprintf does not understand %zu])
2386 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2390 # We depend on vsnprintf returning the right thing on overflow: the
2391 # number of characters it tried to create (as per SUSv3)
2392 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2393 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2396 #include <sys/types.h>
2400 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2406 ret = vsnprintf(str, count, fmt, ap);
2412 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2414 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2418 [AC_MSG_RESULT([yes])],
2421 AC_DEFINE([BROKEN_SNPRINTF], [1],
2422 [Define if your snprintf is busted])
2423 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2425 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2429 # On systems where [v]snprintf is broken, but is declared in stdio,
2430 # check that the fmt argument is const char * or just char *.
2431 # This is only useful for when BROKEN_SNPRINTF
2432 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2433 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2435 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2439 [AC_MSG_RESULT([yes])
2440 AC_DEFINE([SNPRINTF_CONST], [const],
2441 [Define as const if snprintf() can declare const char *fmt])],
2442 [AC_MSG_RESULT([no])
2443 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2445 # Check for missing getpeereid (or equiv) support
2447 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2448 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2449 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2450 #include <sys/types.h>
2451 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2452 [ AC_MSG_RESULT([yes])
2453 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2454 ], [AC_MSG_RESULT([no])
2459 dnl make sure that openpty does not reacquire controlling terminal
2460 if test ! -z "$check_for_openpty_ctty_bug"; then
2461 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2470 #include <sys/fcntl.h>
2471 #include <sys/types.h>
2472 #include <sys/wait.h>
2475 int fd, ptyfd, ttyfd, status;
2478 if (pid < 0) { /* failed */
2480 } else if (pid > 0) { /* parent */
2481 waitpid(pid, &status, 0);
2482 if (WIFEXITED(status))
2483 exit(WEXITSTATUS(status));
2486 } else { /* child */
2487 close(0); close(1); close(2);
2489 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2490 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2492 exit(3); /* Acquired ctty: broken */
2494 exit(0); /* Did not acquire ctty: OK */
2498 AC_MSG_RESULT([yes])
2502 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2505 AC_MSG_RESULT([cross-compiling, assuming yes])
2510 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2511 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2512 AC_MSG_CHECKING([if getaddrinfo seems to work])
2517 #include <sys/socket.h>
2520 #include <netinet/in.h>
2522 #define TEST_PORT "2222"
2525 struct addrinfo *gai_ai, *ai, hints;
2526 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2528 memset(&hints, 0, sizeof(hints));
2529 hints.ai_family = PF_UNSPEC;
2530 hints.ai_socktype = SOCK_STREAM;
2531 hints.ai_flags = AI_PASSIVE;
2533 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2535 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2539 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2540 if (ai->ai_family != AF_INET6)
2543 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2544 sizeof(ntop), strport, sizeof(strport),
2545 NI_NUMERICHOST|NI_NUMERICSERV);
2548 if (err == EAI_SYSTEM)
2549 perror("getnameinfo EAI_SYSTEM");
2551 fprintf(stderr, "getnameinfo failed: %s\n",
2556 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2559 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2567 AC_MSG_RESULT([yes])
2571 AC_DEFINE([BROKEN_GETADDRINFO])
2574 AC_MSG_RESULT([cross-compiling, assuming yes])
2579 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2580 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2581 AC_MSG_CHECKING([if getaddrinfo seems to work])
2586 #include <sys/socket.h>
2589 #include <netinet/in.h>
2591 #define TEST_PORT "2222"
2594 struct addrinfo *gai_ai, *ai, hints;
2595 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2597 memset(&hints, 0, sizeof(hints));
2598 hints.ai_family = PF_UNSPEC;
2599 hints.ai_socktype = SOCK_STREAM;
2600 hints.ai_flags = AI_PASSIVE;
2602 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2604 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2608 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2609 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2612 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2613 sizeof(ntop), strport, sizeof(strport),
2614 NI_NUMERICHOST|NI_NUMERICSERV);
2616 if (ai->ai_family == AF_INET && err != 0) {
2617 perror("getnameinfo");
2624 AC_MSG_RESULT([yes])
2625 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2626 [Define if you have a getaddrinfo that fails
2627 for the all-zeros IPv6 address])
2631 AC_DEFINE([BROKEN_GETADDRINFO])
2634 AC_MSG_RESULT([cross-compiling, assuming no])
2639 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2640 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2641 [#include <sys/types.h>
2642 #include <sys/socket.h>
2643 #include <netdb.h>])
2646 if test "x$check_for_conflicting_getspnam" = "x1"; then
2647 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2657 AC_MSG_RESULT([yes])
2658 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2659 [Conflicting defs for getspnam])
2664 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2665 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2666 dnl for over ten years). Despite this incompatibility being reported during
2667 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2668 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2669 dnl implementation. Try to detect this mess, and assume the only safe option
2670 dnl if we're cross compiling.
2672 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2673 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2674 if test "x$ac_cv_func_strnvis" = "xyes"; then
2675 AC_MSG_CHECKING([for working strnvis])
2683 static void sighandler(int sig) { _exit(1); }
2687 signal(SIGSEGV, sighandler);
2688 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2692 [AC_MSG_RESULT([yes])],
2693 [AC_MSG_RESULT([no])
2694 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2695 [AC_MSG_WARN([cross compiling: assuming broken])
2696 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2700 AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2703 #ifdef HAVE_SYS_SELECT
2704 # include <sys/select.h>
2706 #include <sys/types.h>
2707 #include <sys/time.h>
2711 static void sighandler(int sig) { }
2715 struct sigaction sa;
2717 sa.sa_handler = sighandler;
2718 sa.sa_flags = SA_RESTART;
2719 (void)sigaction(SIGTERM, &sa, NULL);
2720 if ((pid = fork()) == 0) { /* child */
2725 if (getppid() == pid) /* if parent did not exit, shoot it */
2728 } else { /* parent */
2729 r = select(0, NULL, NULL, NULL, NULL);
2731 exit(r == -1 ? 0 : 1);
2733 [AC_MSG_RESULT([yes])],
2734 [AC_MSG_RESULT([no])
2735 AC_DEFINE([NO_SA_RESTART], [1],
2736 [SA_RESTARTed signals do no interrupt select])],
2737 [AC_MSG_WARN([cross compiling: assuming yes])]
2740 AC_CHECK_FUNCS([getpgrp],[
2741 AC_MSG_CHECKING([if getpgrp accepts zero args])
2743 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2744 [ AC_MSG_RESULT([yes])
2745 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2746 [ AC_MSG_RESULT([no])
2747 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2751 # Search for OpenSSL
2752 saved_CPPFLAGS="$CPPFLAGS"
2753 saved_LDFLAGS="$LDFLAGS"
2754 openssl_bin_PATH="$PATH"
2755 AC_ARG_WITH([ssl-dir],
2756 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2758 if test "x$openssl" = "xno" ; then
2759 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2761 if test "x$withval" != "xno" ; then
2764 ./*|../*) withval="`pwd`/$withval"
2766 if test -d "$withval/lib"; then
2767 libcrypto_path="${withval}/lib"
2768 elif test -d "$withval/lib64"; then
2769 libcrypto_path="$withval/lib64"
2771 # Built but not installed
2772 libcrypto_path="${withval}"
2774 if test -n "${rpath_opt}"; then
2775 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2777 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2779 if test -d "$withval/include"; then
2780 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2782 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2784 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
2788 AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
2789 AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
2791 AC_ARG_WITH([openssl-header-check],
2792 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2794 if test "x$withval" = "xno" ; then
2795 openssl_check_nonfatal=1
2801 AC_ARG_WITH([ssl-engine],
2802 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2804 if test "x$withval" != "xno" ; then
2805 if test "x$openssl" = "xno" ; then
2806 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2813 nocrypto_saved_LIBS="$LIBS"
2814 if test "x$openssl" = "xyes" ; then
2815 LIBS="-lcrypto $LIBS"
2816 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2817 AC_TRY_LINK_FUNC([RAND_add], ,
2818 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2819 AC_CHECK_HEADER([openssl/opensslv.h], ,
2820 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2822 # Determine OpenSSL header version
2823 AC_MSG_CHECKING([OpenSSL header version])
2829 #include <openssl/opensslv.h>
2830 #define DATA "conftest.sslincver"
2835 fd = fopen(DATA,"w");
2839 if ((rc = fprintf(fd, "%08lx (%s)\n",
2840 (unsigned long)OPENSSL_VERSION_NUMBER,
2841 OPENSSL_VERSION_TEXT)) < 0)
2847 ssl_header_ver=`cat conftest.sslincver`
2848 AC_MSG_RESULT([$ssl_header_ver])
2851 AC_MSG_RESULT([not found])
2852 AC_MSG_ERROR([OpenSSL version header not found.])
2855 AC_MSG_WARN([cross compiling: not checking])
2859 # Determining OpenSSL library version is version dependent.
2860 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2862 # Determine OpenSSL library version
2863 AC_MSG_CHECKING([OpenSSL library version])
2869 #include <openssl/opensslv.h>
2870 #include <openssl/crypto.h>
2871 #define DATA "conftest.ssllibver"
2874 /* We need these legacy bits to warn for old libcrypto */
2875 #ifndef OPENSSL_VERSION
2876 # define OPENSSL_VERSION SSLEAY_VERSION
2878 #ifndef HAVE_OPENSSL_VERSION
2879 # define OpenSSL_version SSLeay_version
2881 #ifndef HAVE_OPENSSL_VERSION_NUM
2882 # define OpenSSL_version_num SSLeay
2884 if ((f = fopen(DATA, "w")) == NULL)
2886 if (fprintf(f, "%08lx (%s)",
2887 (unsigned long)OpenSSL_version_num(),
2888 OpenSSL_version(OPENSSL_VERSION)) < 0)
2890 #ifdef LIBRESSL_VERSION_NUMBER
2891 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
2894 if (fputc('\n', f) == EOF || fclose(f) == EOF)
2899 sslver=`cat conftest.ssllibver`
2900 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
2901 # Check version is supported.
2903 100*|10100*) # 1.0.x, 1.1.0x
2904 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
2908 lver=`echo "$sslver" | sed 's/.*libressl-//'`
2910 2*|300*) # 2.x, 3.0.0
2911 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
2913 *) ;; # Assume all other versions are good.
2917 # OpenSSL 3; we use the 1.1x API
2918 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2921 # OpenSSL development branch; request 1.1x API
2922 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2925 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
2928 AC_MSG_RESULT([$ssl_showver])
2931 AC_MSG_RESULT([not found])
2932 AC_MSG_ERROR([OpenSSL library not found.])
2935 AC_MSG_WARN([cross compiling: not checking])
2943 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2948 # Sanity check OpenSSL headers
2949 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2954 #include <openssl/opensslv.h>
2955 #include <openssl/crypto.h>
2957 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2960 AC_MSG_RESULT([yes])
2964 if test "x$openssl_check_nonfatal" = "x"; then
2965 AC_MSG_ERROR([Your OpenSSL headers do not match your
2966 library. Check config.log for details.
2967 If you are sure your installation is consistent, you can disable the check
2968 by running "./configure --without-openssl-header-check".
2969 Also see contrib/findssl.sh for help identifying header/library mismatches.
2972 AC_MSG_WARN([Your OpenSSL headers do not match your
2973 library. Check config.log for details.
2974 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2978 AC_MSG_WARN([cross compiling: not checking])
2982 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2984 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2985 [[ ERR_load_crypto_strings(); ]])],
2987 AC_MSG_RESULT([yes])
2992 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2994 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2995 [[ ERR_load_crypto_strings(); ]])],
2997 AC_MSG_RESULT([yes])
2998 CHANNELLIBS="$CHANNELLIBS -ldl"
3010 DSA_generate_parameters_ex \
3011 EVP_DigestFinal_ex \
3013 EVP_MD_CTX_cleanup \
3014 EVP_MD_CTX_copy_ex \
3017 RSA_generate_key_ex \
3018 RSA_get_default_method \
3021 # OpenSSL_add_all_algorithms may be a macro.
3022 AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
3023 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
3024 AC_CHECK_DECL(OpenSSL_add_all_algorithms,
3025 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
3026 [[#include <openssl/evp.h>]]
3030 # LibreSSL/OpenSSL API differences
3033 EVP_CIPHER_CTX_iv_noconst \
3034 EVP_CIPHER_CTX_get_iv \
3035 EVP_CIPHER_CTX_get_updated_iv \
3036 EVP_CIPHER_CTX_set_iv \
3039 if test "x$openssl_engine" = "xyes" ; then
3040 AC_MSG_CHECKING([for OpenSSL ENGINE support])
3041 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3042 #include <openssl/engine.h>
3044 ENGINE_load_builtin_engines();
3045 ENGINE_register_all_complete();
3047 [ AC_MSG_RESULT([yes])
3048 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3049 [Enable OpenSSL engine support])
3050 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3054 # Check for OpenSSL without EVP_aes_{192,256}_cbc
3055 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3060 #include <openssl/evp.h>
3062 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3068 AC_MSG_RESULT([yes])
3069 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3070 [libcrypto is missing AES 192 and 256 bit functions])
3074 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3079 #include <openssl/evp.h>
3081 if(EVP_DigestUpdate(NULL, NULL,0))
3085 AC_MSG_RESULT([yes])
3089 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3090 [Define if EVP_DigestUpdate returns void])
3094 # Check for various EVP support in OpenSSL
3095 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
3097 # Check complete ECC support in OpenSSL
3098 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3101 #include <openssl/ec.h>
3102 #include <openssl/ecdh.h>
3103 #include <openssl/ecdsa.h>
3104 #include <openssl/evp.h>
3105 #include <openssl/objects.h>
3106 #include <openssl/opensslv.h>
3108 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3109 const EVP_MD *m = EVP_sha256(); /* We need this too */
3111 [ AC_MSG_RESULT([yes])
3112 enable_nistp256=1 ],
3113 [ AC_MSG_RESULT([no]) ]
3116 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3119 #include <openssl/ec.h>
3120 #include <openssl/ecdh.h>
3121 #include <openssl/ecdsa.h>
3122 #include <openssl/evp.h>
3123 #include <openssl/objects.h>
3124 #include <openssl/opensslv.h>
3126 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3127 const EVP_MD *m = EVP_sha384(); /* We need this too */
3129 [ AC_MSG_RESULT([yes])
3130 enable_nistp384=1 ],
3131 [ AC_MSG_RESULT([no]) ]
3134 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3137 #include <openssl/ec.h>
3138 #include <openssl/ecdh.h>
3139 #include <openssl/ecdsa.h>
3140 #include <openssl/evp.h>
3141 #include <openssl/objects.h>
3142 #include <openssl/opensslv.h>
3144 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3145 const EVP_MD *m = EVP_sha512(); /* We need this too */
3147 [ AC_MSG_RESULT([yes])
3148 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3152 #include <openssl/ec.h>
3153 #include <openssl/ecdh.h>
3154 #include <openssl/ecdsa.h>
3155 #include <openssl/evp.h>
3156 #include <openssl/objects.h>
3157 #include <openssl/opensslv.h>
3159 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3160 const EVP_MD *m = EVP_sha512(); /* We need this too */
3161 exit(e == NULL || m == NULL);
3163 [ AC_MSG_RESULT([yes])
3164 enable_nistp521=1 ],
3165 [ AC_MSG_RESULT([no]) ],
3166 [ AC_MSG_WARN([cross-compiling: assuming yes])
3172 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3173 test x$enable_nistp521 = x1; then
3174 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3175 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3180 if test x$enable_nistp256 = x1; then
3181 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3182 [libcrypto has NID_X9_62_prime256v1])
3184 unsupported_algorithms="$unsupported_algorithms \
3185 ecdsa-sha2-nistp256 \
3186 ecdh-sha2-nistp256 \
3187 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3189 if test x$enable_nistp384 = x1; then
3190 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3192 unsupported_algorithms="$unsupported_algorithms \
3193 ecdsa-sha2-nistp384 \
3194 ecdh-sha2-nistp384 \
3195 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3197 if test x$enable_nistp521 = x1; then
3198 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3200 unsupported_algorithms="$unsupported_algorithms \
3201 ecdh-sha2-nistp521 \
3202 ecdsa-sha2-nistp521 \
3203 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3206 # Check libcrypto ED25519 support
3207 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key])
3208 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key])
3209 AC_MSG_CHECKING([whether OpenSSL has ED25519 support])
3213 #include <openssl/evp.h>
3215 unsigned char buf[64];
3216 memset(buf, 0, sizeof(buf));
3217 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519,
3218 buf, sizeof(buf)) == NULL);
3221 AC_MSG_RESULT([yes])
3222 AC_DEFINE([OPENSSL_HAS_ED25519], [1],
3223 [libcrypto has ed25519 support])
3231 # PKCS11/U2F depend on OpenSSL and dlopen().
3234 if test "x$openssl" != "xyes" ; then
3235 enable_pkcs11="disabled; missing libcrypto"
3237 if test "x$ac_cv_func_dlopen" != "xyes" ; then
3238 enable_pkcs11="disabled; missing dlopen(3)"
3239 enable_sk="disabled; missing dlopen(3)"
3241 if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3242 enable_pkcs11="disabled; missing RTLD_NOW"
3243 enable_sk="disabled; missing RTLD_NOW"
3245 if test ! -z "$disable_pkcs11" ; then
3246 enable_pkcs11="disabled by user"
3248 if test ! -z "$disable_sk" ; then
3249 enable_sk="disabled by user"
3252 AC_MSG_CHECKING([whether to enable PKCS11])
3253 if test "x$enable_pkcs11" = "xyes" ; then
3254 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3256 AC_MSG_RESULT([$enable_pkcs11])
3258 AC_MSG_CHECKING([whether to enable U2F])
3259 if test "x$enable_sk" = "xyes" ; then
3260 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3261 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3263 # Do not try to build sk-dummy library.
3264 AC_SUBST(SK_DUMMY_LIBRARY, [""])
3266 AC_MSG_RESULT([$enable_sk])
3268 # Now check for built-in security key support.
3269 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3270 use_pkgconfig_for_libfido2=
3271 if test "x$PKGCONFIG" != "xno"; then
3272 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3273 if "$PKGCONFIG" libfido2; then
3274 AC_MSG_RESULT([yes])
3275 use_pkgconfig_for_libfido2=yes
3280 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3281 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3282 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3284 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3286 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3288 AC_CHECK_LIB([privatefido2], [fido_init],
3290 [ fido2_error="missing/unusable libfido2" ],
3293 AC_CHECK_HEADER([fido.h], [],
3294 [ fido2_error="missing fido.h from libfido2" ])
3295 AC_CHECK_HEADER([fido/credman.h], [],
3296 [ fido2_error="missing fido/credman.h from libfido2" ],
3297 [ #include <fido.h> ]
3299 AC_MSG_CHECKING([for usable libfido2 installation])
3300 if test ! -z "$fido2_error" ; then
3301 AC_MSG_RESULT([$fido2_error])
3302 if test "x$enable_sk_internal" = "xyes" ; then
3303 AC_MSG_ERROR([No usable libfido2 library/headers found])
3307 AC_MSG_RESULT([yes])
3308 AC_SUBST([LIBFIDO2])
3309 AC_DEFINE([ENABLE_SK_INTERNAL], [],
3310 [Enable for built-in U2F/FIDO support])
3311 enable_sk="built-in"
3313 LIBS="$LIBFIDO2 $LIBS"
3315 fido_assert_set_clientdata \
3317 fido_cred_set_prot \
3318 fido_cred_set_clientdata \
3319 fido_dev_get_touch_begin \
3320 fido_dev_get_touch_status \
3321 fido_dev_supports_cred_prot \
3322 fido_dev_is_winhello \
3332 arc4random_uniform \
3334 ### Configure cryptographic random number support
3336 # Check whether OpenSSL seeds itself
3337 if test "x$openssl" = "xyes" ; then
3338 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3343 #include <openssl/rand.h>
3345 exit(RAND_status() == 1 ? 0 : 1);
3348 OPENSSL_SEEDS_ITSELF=yes
3349 AC_MSG_RESULT([yes])
3355 AC_MSG_WARN([cross compiling: assuming yes])
3356 # This is safe, since we will fatal() at runtime if
3357 # OpenSSL is not seeded correctly.
3358 OPENSSL_SEEDS_ITSELF=yes
3364 AC_ARG_WITH([prngd-port],
3365 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3374 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3377 if test ! -z "$withval" ; then
3378 PRNGD_PORT="$withval"
3379 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3380 [Port number of PRNGD/EGD random number socket])
3385 # PRNGD Unix domain socket
3386 AC_ARG_WITH([prngd-socket],
3387 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3391 withval="/var/run/egd-pool"
3399 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3403 if test ! -z "$withval" ; then
3404 if test ! -z "$PRNGD_PORT" ; then
3405 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3407 if test ! -r "$withval" ; then
3408 AC_MSG_WARN([Entropy socket is not readable])
3410 PRNGD_SOCKET="$withval"
3411 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3412 [Location of PRNGD/EGD random number socket])
3416 # Check for existing socket only if we don't have a random device already
3417 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3418 AC_MSG_CHECKING([for PRNGD/EGD socket])
3419 # Insert other locations here
3420 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3421 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3422 PRNGD_SOCKET="$sock"
3423 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3427 if test ! -z "$PRNGD_SOCKET" ; then
3428 AC_MSG_RESULT([$PRNGD_SOCKET])
3430 AC_MSG_RESULT([not found])
3436 # Which randomness source do we use?
3437 if test ! -z "$PRNGD_PORT" ; then
3438 RAND_MSG="PRNGd port $PRNGD_PORT"
3439 elif test ! -z "$PRNGD_SOCKET" ; then
3440 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3441 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3442 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3443 [Define if you want the OpenSSL internally seeded PRNG only])
3444 RAND_MSG="OpenSSL internal ONLY"
3445 elif test "x$openssl" = "xno" ; then
3446 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3448 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3450 LIBS="$nocrypto_saved_LIBS"
3453 AC_CHECK_LIB([iaf], [ia_openinfo], [
3455 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3456 AC_DEFINE([HAVE_LIBIAF], [1],
3457 [Define if system has libiaf that supports set_id])
3462 # Check for crypt() in libcrypt. If we have it, we only need it for sshd.
3464 AC_CHECK_LIB([crypt], [crypt], [
3465 LIBS="-lcrypt $LIBS"
3466 SSHDLIBS="-lcrypt $SSHDLIBS"
3468 AC_CHECK_FUNCS([crypt])
3471 # Check for PAM libs
3474 [ --with-pam Enable PAM support ],
3476 if test "x$withval" != "xno" ; then
3477 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3478 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3479 AC_MSG_ERROR([PAM headers not found])
3483 AC_CHECK_LIB([dl], [dlopen], , )
3484 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3485 AC_CHECK_FUNCS([pam_getenvlist])
3486 AC_CHECK_FUNCS([pam_putenv])
3491 SSHDLIBS="$SSHDLIBS -lpam"
3492 AC_DEFINE([USE_PAM], [1],
3493 [Define if you want to enable PAM support])
3495 if test $ac_cv_lib_dl_dlopen = yes; then
3498 # libdl already in LIBS
3501 SSHDLIBS="$SSHDLIBS -ldl"
3509 AC_ARG_WITH([pam-service],
3510 [ --with-pam-service=name Specify PAM service name ],
3512 if test "x$withval" != "xno" && \
3513 test "x$withval" != "xyes" ; then
3514 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3515 ["$withval"], [sshd PAM service name])
3520 # Check for older PAM
3521 if test "x$PAM_MSG" = "xyes" ; then
3522 # Check PAM strerror arguments (old PAM)
3523 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3526 #if defined(HAVE_SECURITY_PAM_APPL_H)
3527 #include <security/pam_appl.h>
3528 #elif defined (HAVE_PAM_PAM_APPL_H)
3529 #include <pam/pam_appl.h>
3532 (void)pam_strerror((pam_handle_t *)NULL, -1);
3533 ]])], [AC_MSG_RESULT([no])], [
3534 AC_DEFINE([HAVE_OLD_PAM], [1],
3535 [Define if you have an old version of PAM
3536 which takes only one argument to pam_strerror])
3537 AC_MSG_RESULT([yes])
3538 PAM_MSG="yes (old library)"
3545 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3548 SSH_PRIVSEP_USER=sshd
3551 AC_ARG_WITH([privsep-user],
3552 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3554 if test -n "$withval" && test "x$withval" != "xno" && \
3555 test "x${withval}" != "xyes"; then
3556 SSH_PRIVSEP_USER=$withval
3560 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3561 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3562 [Cygwin function to fetch non-privileged user for privilege separation])
3564 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3565 [non-privileged user for privilege separation])
3567 AC_SUBST([SSH_PRIVSEP_USER])
3569 if test "x$have_linux_no_new_privs" = "x1" ; then
3570 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3571 #include <sys/types.h>
3572 #include <linux/seccomp.h>
3575 if test "x$have_seccomp_filter" = "x1" ; then
3576 AC_MSG_CHECKING([kernel for seccomp_filter support])
3577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3580 #include <linux/audit.h>
3581 #include <linux/seccomp.h>
3583 #include <sys/prctl.h>
3585 [[ int i = $seccomp_audit_arch;
3587 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3588 exit(errno == EFAULT ? 0 : 1); ]])],
3589 [ AC_MSG_RESULT([yes]) ], [
3591 # Disable seccomp filter as a target
3592 have_seccomp_filter=0
3597 AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3598 #include <sys/types.h>
3602 #ifdef HAVE_SYS_POLL_H
3603 #include <sys/poll.h>
3607 AC_CHECK_TYPES([nfds_t], , , [
3608 #include <sys/types.h>
3612 #ifdef HAVE_SYS_POLL_H
3613 #include <sys/poll.h>
3617 # Decide which sandbox style to use
3619 AC_ARG_WITH([sandbox],
3620 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3622 if test "x$withval" = "xyes" ; then
3625 sandbox_arg="$withval"
3630 if test "x$sandbox_arg" != "xno"; then
3631 # POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3632 # is greater than OPEN_MAX". On some platforms that includes implementions
3633 # of select in userspace on top of poll() so check both work with rlimit
3634 # NOFILES so check that both work before enabling the rlimit sandbox.
3635 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3638 #include <sys/types.h>
3639 #ifdef HAVE_SYS_TIME_H
3640 # include <sys/time.h>
3642 #include <sys/resource.h>
3643 #ifdef HAVE_SYS_SELECT_H
3644 # include <sys/select.h>
3648 #elif HAVE_SYS_POLL_H
3649 # include <sys/poll.h>
3655 struct rlimit rl_zero;
3663 fd = open("/dev/null", O_RDONLY);
3666 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3667 setrlimit(RLIMIT_FSIZE, &rl_zero);
3668 setrlimit(RLIMIT_NOFILE, &rl_zero);
3671 r = select(fd+1, &fds, NULL, NULL, &tv);
3676 pfd.events = POLLIN;
3677 r = poll(&pfd, 1, 1);
3683 [AC_MSG_RESULT([yes])
3684 select_works_with_rlimit=yes],
3685 [AC_MSG_RESULT([no])
3686 select_works_with_rlimit=no],
3687 [AC_MSG_WARN([cross compiling: assuming no])
3688 select_works_with_rlimit=no]
3691 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3694 #include <sys/types.h>
3695 #ifdef HAVE_SYS_TIME_H
3696 # include <sys/time.h>
3698 #include <sys/resource.h>
3702 struct rlimit rl_zero;
3705 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3706 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3707 exit (r == -1 ? 1 : 0);
3709 [AC_MSG_RESULT([yes])
3710 rlimit_nofile_zero_works=yes],
3711 [AC_MSG_RESULT([no])
3712 rlimit_nofile_zero_works=no],
3713 [AC_MSG_WARN([cross compiling: assuming yes])
3714 rlimit_nofile_zero_works=yes]
3717 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3720 #include <sys/types.h>
3721 #include <sys/resource.h>
3724 struct rlimit rl_zero;
3726 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3727 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3729 [AC_MSG_RESULT([yes])],
3730 [AC_MSG_RESULT([no])
3731 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3732 [setrlimit RLIMIT_FSIZE works])],
3733 [AC_MSG_WARN([cross compiling: assuming yes])]
3737 if test "x$sandbox_arg" = "xpledge" || \
3738 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3739 test "x$ac_cv_func_pledge" != "xyes" && \
3740 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3741 SANDBOX_STYLE="pledge"
3742 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3743 elif test "x$sandbox_arg" = "xsystrace" || \
3744 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3745 test "x$have_systr_policy_kill" != "x1" && \
3746 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3747 SANDBOX_STYLE="systrace"
3748 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3749 elif test "x$sandbox_arg" = "xdarwin" || \
3750 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3751 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3752 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3753 "x$ac_cv_header_sandbox_h" != "xyes" && \
3754 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3755 SANDBOX_STYLE="darwin"
3756 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3757 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3758 ( test -z "$sandbox_arg" && \
3759 test "x$have_seccomp_filter" = "x1" && \
3760 test "x$ac_cv_header_elf_h" = "xyes" && \
3761 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3762 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3763 test "x$seccomp_audit_arch" != "x" && \
3764 test "x$have_linux_no_new_privs" = "x1" && \
3765 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3766 test "x$seccomp_audit_arch" = "x" && \
3767 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3768 test "x$have_linux_no_new_privs" != "x1" && \
3769 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3770 test "x$have_seccomp_filter" != "x1" && \
3771 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3772 test "x$ac_cv_func_prctl" != "xyes" && \
3773 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3774 SANDBOX_STYLE="seccomp_filter"
3775 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3776 elif test "x$sandbox_arg" = "xcapsicum" || \
3777 ( test -z "$sandbox_arg" && \
3778 test "x$disable_capsicum" != "xyes" && \
3779 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3780 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3781 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3782 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3783 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3784 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3785 SANDBOX_STYLE="capsicum"
3786 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3787 elif test "x$sandbox_arg" = "xrlimit" || \
3788 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3789 test "x$select_works_with_rlimit" = "xyes" && \
3790 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3791 test "x$ac_cv_func_setrlimit" != "xyes" && \
3792 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3793 test "x$select_works_with_rlimit" != "xyes" && \
3794 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3795 SANDBOX_STYLE="rlimit"
3796 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3797 elif test "x$sandbox_arg" = "xsolaris" || \
3798 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3799 SANDBOX_STYLE="solaris"
3800 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3801 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3802 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3803 SANDBOX_STYLE="none"
3804 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3806 AC_MSG_ERROR([unsupported --with-sandbox])
3809 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3810 if test ! -z "$SONY" ; then
3811 LIBS="$LIBS -liberty";
3814 # Check for long long datatypes
3815 AC_CHECK_TYPES([long long, unsigned long long, long double])
3817 # Check datatype sizes
3818 AC_CHECK_SIZEOF([short int])
3819 AC_CHECK_SIZEOF([int])
3820 AC_CHECK_SIZEOF([long int])
3821 AC_CHECK_SIZEOF([long long int])
3822 AC_CHECK_SIZEOF([time_t], [], [[
3823 #include <sys/types.h>
3824 #ifdef HAVE_SYS_TIME_H
3825 # include <sys/time.h>
3833 # Sanity check long long for some platforms (AIX)
3834 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3835 ac_cv_sizeof_long_long_int=0
3838 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3839 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3840 AC_MSG_CHECKING([for max value of long long])
3845 /* Why is this so damn hard? */
3849 #define __USE_ISOC99
3851 #define DATA "conftest.llminmax"
3852 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3855 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3856 * we do this the hard way.
3859 fprint_ll(FILE *f, long long n)
3862 int l[sizeof(long long) * 8];
3865 if (fprintf(f, "-") < 0)
3867 for (i = 0; n != 0; i++) {
3868 l[i] = my_abs(n % 10);
3872 if (fprintf(f, "%d", l[--i]) < 0)
3875 if (fprintf(f, " ") < 0)
3881 long long i, llmin, llmax = 0;
3883 if((f = fopen(DATA,"w")) == NULL)
3886 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3887 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3891 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3892 /* This will work on one's complement and two's complement */
3893 for (i = 1; i > llmax; i <<= 1, i++)
3895 llmin = llmax + 1LL; /* wrap */
3899 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3900 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3901 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3902 fprintf(f, "unknown unknown\n");
3906 if (fprint_ll(f, llmin) < 0)
3908 if (fprint_ll(f, llmax) < 0)
3915 llong_min=`$AWK '{print $1}' conftest.llminmax`
3916 llong_max=`$AWK '{print $2}' conftest.llminmax`
3918 AC_MSG_RESULT([$llong_max])
3919 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3920 [max value of long long calculated by configure])
3921 AC_MSG_CHECKING([for min value of long long])
3922 AC_MSG_RESULT([$llong_min])
3923 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3924 [min value of long long calculated by configure])
3927 AC_MSG_RESULT([not found])
3930 AC_MSG_WARN([cross compiling: not checking])
3935 AC_CHECK_DECLS([UINT32_MAX], , , [[
3936 #ifdef HAVE_SYS_LIMITS_H
3937 # include <sys/limits.h>
3939 #ifdef HAVE_LIMITS_H
3940 # include <limits.h>
3942 #ifdef HAVE_STDINT_H
3943 # include <stdint.h>
3947 # More checks for data types
3948 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3949 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3950 [[ u_int a; a = 1;]])],
3951 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3954 if test "x$ac_cv_have_u_int" = "xyes" ; then
3955 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3959 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3961 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3962 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3965 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3966 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3970 if (test -z "$have_intxx_t" && \
3971 test "x$ac_cv_header_stdint_h" = "xyes")
3973 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3974 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3975 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3977 AC_DEFINE([HAVE_INTXX_T])
3978 AC_MSG_RESULT([yes])
3979 ], [ AC_MSG_RESULT([no])
3983 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3984 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3985 #include <sys/types.h>
3986 #ifdef HAVE_STDINT_H
3987 # include <stdint.h>
3989 #include <sys/socket.h>
3990 #ifdef HAVE_SYS_BITYPES_H
3991 # include <sys/bitypes.h>
3996 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3999 if test "x$ac_cv_have_int64_t" = "xyes" ; then
4000 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
4003 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
4004 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4005 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
4006 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
4009 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
4010 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
4014 if test -z "$have_u_intxx_t" ; then
4015 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
4016 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
4017 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
4019 AC_DEFINE([HAVE_U_INTXX_T])
4020 AC_MSG_RESULT([yes])
4021 ], [ AC_MSG_RESULT([no])
4025 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
4026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4027 [[ u_int64_t a; a = 1;]])],
4028 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
4031 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
4032 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4036 if (test -z "$have_u_int64_t" && \
4037 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4039 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4040 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4041 [[ u_int64_t a; a = 1]])],
4043 AC_DEFINE([HAVE_U_INT64_T])
4044 AC_MSG_RESULT([yes])
4045 ], [ AC_MSG_RESULT([no])
4049 if test -z "$have_u_intxx_t" ; then
4050 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4052 #include <sys/types.h>
4059 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4062 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4063 AC_DEFINE([HAVE_UINTXX_T], [1],
4064 [define if you have uintxx_t data type])
4068 if (test -z "$have_uintxx_t" && \
4069 test "x$ac_cv_header_stdint_h" = "xyes")
4071 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4072 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4073 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4075 AC_DEFINE([HAVE_UINTXX_T])
4076 AC_MSG_RESULT([yes])
4077 ], [ AC_MSG_RESULT([no])
4081 if (test -z "$have_uintxx_t" && \
4082 test "x$ac_cv_header_inttypes_h" = "xyes")
4084 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4085 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4086 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4088 AC_DEFINE([HAVE_UINTXX_T])
4089 AC_MSG_RESULT([yes])
4090 ], [ AC_MSG_RESULT([no])
4094 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4095 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4097 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4098 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4099 #include <sys/bitypes.h>
4101 int8_t a; int16_t b; int32_t c;
4102 u_int8_t e; u_int16_t f; u_int32_t g;
4103 a = b = c = e = f = g = 1;
4106 AC_DEFINE([HAVE_U_INTXX_T])
4107 AC_DEFINE([HAVE_INTXX_T])
4108 AC_MSG_RESULT([yes])
4109 ], [AC_MSG_RESULT([no])
4114 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4115 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4116 [[ u_char foo; foo = 125; ]])],
4117 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4120 if test "x$ac_cv_have_u_char" = "xyes" ; then
4121 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4124 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4125 #include <sys/types.h>
4126 #ifdef HAVE_STDINT_H
4127 # include <stdint.h>
4133 AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4134 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4135 #include <sys/types.h>
4136 #ifdef HAVE_SYS_BITYPES_H
4137 #include <sys/bitypes.h>
4139 #ifdef HAVE_SYS_STATFS_H
4140 #include <sys/statfs.h>
4142 #ifdef HAVE_SYS_STATVFS_H
4143 #include <sys/statvfs.h>
4147 AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4148 #include <sys/param.h>
4149 #include <sys/types.h>
4150 #ifdef HAVE_SYS_BITYPES_H
4151 #include <sys/bitypes.h>
4153 #ifdef HAVE_SYS_STATFS_H
4154 #include <sys/statfs.h>
4156 #ifdef HAVE_SYS_STATVFS_H
4157 #include <sys/statvfs.h>
4159 #ifdef HAVE_SYS_VFS_H
4160 #include <sys/vfs.h>
4162 #ifdef HAVE_SYS_MOUNT_H
4163 #include <sys/mount.h>
4168 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4169 [#include <sys/types.h>
4170 #include <netinet/in.h>])
4172 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4173 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4174 [[ size_t foo; foo = 1235; ]])],
4175 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4178 if test "x$ac_cv_have_size_t" = "xyes" ; then
4179 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4182 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4183 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4184 [[ ssize_t foo; foo = 1235; ]])],
4185 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4188 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4189 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4192 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4193 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4194 [[ clock_t foo; foo = 1235; ]])],
4195 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4198 if test "x$ac_cv_have_clock_t" = "xyes" ; then
4199 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4202 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4203 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4204 #include <sys/types.h>
4205 #include <sys/socket.h>
4206 ]], [[ sa_family_t foo; foo = 1235; ]])],
4207 [ ac_cv_have_sa_family_t="yes" ],
4208 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4209 #include <sys/types.h>
4210 #include <sys/socket.h>
4211 #include <netinet/in.h>
4212 ]], [[ sa_family_t foo; foo = 1235; ]])],
4213 [ ac_cv_have_sa_family_t="yes" ],
4214 [ ac_cv_have_sa_family_t="no" ]
4218 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4219 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4220 [define if you have sa_family_t data type])
4223 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4225 [[ pid_t foo; foo = 1235; ]])],
4226 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4229 if test "x$ac_cv_have_pid_t" = "xyes" ; then
4230 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4233 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4234 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4235 [[ mode_t foo; foo = 1235; ]])],
4236 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4239 if test "x$ac_cv_have_mode_t" = "xyes" ; then
4240 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4244 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4245 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4246 #include <sys/types.h>
4247 #include <sys/socket.h>
4248 ]], [[ struct sockaddr_storage s; ]])],
4249 [ ac_cv_have_struct_sockaddr_storage="yes" ],
4250 [ ac_cv_have_struct_sockaddr_storage="no"
4253 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4254 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4255 [define if you have struct sockaddr_storage data type])
4258 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4260 #include <sys/types.h>
4261 #include <netinet/in.h>
4262 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4263 [ ac_cv_have_struct_sockaddr_in6="yes" ],
4264 [ ac_cv_have_struct_sockaddr_in6="no"
4267 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4268 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4269 [define if you have struct sockaddr_in6 data type])
4272 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4273 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4274 #include <sys/types.h>
4275 #include <netinet/in.h>
4276 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4277 [ ac_cv_have_struct_in6_addr="yes" ],
4278 [ ac_cv_have_struct_in6_addr="no"
4281 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4282 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4283 [define if you have struct in6_addr data type])
4285 dnl Now check for sin6_scope_id
4286 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4288 #ifdef HAVE_SYS_TYPES_H
4289 #include <sys/types.h>
4291 #include <netinet/in.h>
4295 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4296 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4297 #include <sys/types.h>
4298 #include <sys/socket.h>
4300 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4301 [ ac_cv_have_struct_addrinfo="yes" ],
4302 [ ac_cv_have_struct_addrinfo="no"
4305 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4306 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4307 [define if you have struct addrinfo data type])
4310 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4311 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4312 [[ struct timeval tv; tv.tv_sec = 1;]])],
4313 [ ac_cv_have_struct_timeval="yes" ],
4314 [ ac_cv_have_struct_timeval="no"
4317 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4318 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4319 have_struct_timeval=1
4322 AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4323 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4324 #ifdef HAVE_SYS_TIME_H
4325 # include <sys/time.h>
4331 [[ struct timespec ts; ts.tv_sec = 1;]])],
4332 [ ac_cv_have_struct_timespec="yes" ],
4333 [ ac_cv_have_struct_timespec="no"
4336 if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4337 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4338 have_struct_timespec=1
4341 # We need int64_t or else certain parts of the compile will fail.
4342 if test "x$ac_cv_have_int64_t" = "xno" && \
4343 test "x$ac_cv_sizeof_long_int" != "x8" && \
4344 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4345 echo "OpenSSH requires int64_t support. Contact your vendor or install"
4346 echo "an alternative compiler (I.E., GCC) before continuing."
4350 dnl test snprintf (broken on SCO w/gcc)
4356 #ifdef HAVE_SNPRINTF
4360 char expected_out[50];
4362 #if (SIZEOF_LONG_INT == 8)
4363 long int num = 0x7fffffffffffffff;
4365 long long num = 0x7fffffffffffffffll;
4367 strcpy(expected_out, "9223372036854775807");
4368 snprintf(buf, mazsize, "%lld", num);
4369 if(strcmp(buf, expected_out) != 0)
4374 int main(void) { exit(0); }
4376 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4377 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4381 dnl Checks for structure members
4382 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4383 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4384 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4385 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4386 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4387 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4388 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4389 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4390 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4391 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4392 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4393 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4394 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4395 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4396 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4397 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4398 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4399 OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4401 AC_CHECK_MEMBERS([struct stat.st_blksize])
4402 AC_CHECK_MEMBERS([struct stat.st_mtim])
4403 AC_CHECK_MEMBERS([struct stat.st_mtime])
4404 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4405 struct passwd.pw_change, struct passwd.pw_expire],
4407 #include <sys/types.h>
4411 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4412 [Define if we don't have struct __res_state in resolv.h])],
4415 #if HAVE_SYS_TYPES_H
4416 # include <sys/types.h>
4418 #include <netinet/in.h>
4419 #include <arpa/nameser.h>
4423 AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
4424 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])],
4427 #include <sys/types.h>
4428 #include <sys/socket.h>
4429 #include <netinet/in.h>
4433 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4434 ac_cv_have_ss_family_in_struct_ss, [
4435 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4436 #include <sys/types.h>
4437 #include <sys/socket.h>
4438 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4439 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4440 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4442 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4443 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4446 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4447 ac_cv_have___ss_family_in_struct_ss, [
4448 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4449 #include <sys/types.h>
4450 #include <sys/socket.h>
4451 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4452 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4453 [ ac_cv_have___ss_family_in_struct_ss="no"
4456 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4457 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4458 [Fields in struct sockaddr_storage])
4461 dnl make sure we're using the real structure members and not defines
4462 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4463 ac_cv_have_accrights_in_msghdr, [
4464 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4465 #include <sys/types.h>
4466 #include <sys/socket.h>
4467 #include <sys/uio.h>
4470 #ifdef msg_accrights
4471 #error "msg_accrights is a macro"
4475 m.msg_accrights = 0;
4478 [ ac_cv_have_accrights_in_msghdr="yes" ],
4479 [ ac_cv_have_accrights_in_msghdr="no" ]
4482 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4483 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4484 [Define if your system uses access rights style
4485 file descriptor passing])
4488 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4489 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4490 #include <sys/param.h>
4491 #include <sys/stat.h>
4492 #ifdef HAVE_SYS_TIME_H
4493 # include <sys/time.h>
4495 #ifdef HAVE_SYS_MOUNT_H
4496 #include <sys/mount.h>
4498 #ifdef HAVE_SYS_STATVFS_H
4499 #include <sys/statvfs.h>
4501 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4502 [ AC_MSG_RESULT([yes]) ],
4503 [ AC_MSG_RESULT([no])
4505 AC_MSG_CHECKING([if fsid_t has member val])
4506 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4507 #include <sys/types.h>
4508 #include <sys/statvfs.h>
4509 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4510 [ AC_MSG_RESULT([yes])
4511 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4512 [ AC_MSG_RESULT([no]) ])
4514 AC_MSG_CHECKING([if f_fsid has member __val])
4515 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4516 #include <sys/types.h>
4517 #include <sys/statvfs.h>
4518 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4519 [ AC_MSG_RESULT([yes])
4520 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4521 [ AC_MSG_RESULT([no]) ])
4524 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4525 ac_cv_have_control_in_msghdr, [
4526 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4527 #include <sys/types.h>
4528 #include <sys/socket.h>
4529 #include <sys/uio.h>
4533 #error "msg_control is a macro"
4540 [ ac_cv_have_control_in_msghdr="yes" ],
4541 [ ac_cv_have_control_in_msghdr="no" ]
4544 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4545 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4546 [Define if your system uses ancillary data style
4547 file descriptor passing])
4550 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4551 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4552 [[ extern char *__progname; printf("%s", __progname); ]])],
4553 [ ac_cv_libc_defines___progname="yes" ],
4554 [ ac_cv_libc_defines___progname="no"
4557 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4558 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4561 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4562 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4563 [[ printf("%s", __FUNCTION__); ]])],
4564 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4565 [ ac_cv_cc_implements___FUNCTION__="no"
4568 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4569 AC_DEFINE([HAVE___FUNCTION__], [1],
4570 [Define if compiler implements __FUNCTION__])
4573 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4574 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4575 [[ printf("%s", __func__); ]])],
4576 [ ac_cv_cc_implements___func__="yes" ],
4577 [ ac_cv_cc_implements___func__="no"
4580 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4581 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4584 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4585 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4588 ]], [[ va_copy(x,y); ]])],
4589 [ ac_cv_have_va_copy="yes" ],
4590 [ ac_cv_have_va_copy="no"
4593 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4594 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4597 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4598 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4601 ]], [[ __va_copy(x,y); ]])],
4602 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4605 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4606 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4609 AC_CACHE_CHECK([whether getopt has optreset support],
4610 ac_cv_have_getopt_optreset, [
4611 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4612 [[ extern int optreset; optreset = 0; ]])],
4613 [ ac_cv_have_getopt_optreset="yes" ],
4614 [ ac_cv_have_getopt_optreset="no"
4617 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4618 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4619 [Define if your getopt(3) defines and uses optreset])
4622 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4623 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4624 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4625 [ ac_cv_libc_defines_sys_errlist="yes" ],
4626 [ ac_cv_libc_defines_sys_errlist="no"
4629 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4630 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4631 [Define if your system defines sys_errlist[]])
4635 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4636 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4637 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4638 [ ac_cv_libc_defines_sys_nerr="yes" ],
4639 [ ac_cv_libc_defines_sys_nerr="no"
4642 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4643 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4646 # Check libraries needed by DNS fingerprint support
4647 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4648 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4649 [Define if getrrsetbyname() exists])],
4651 # Needed by our getrrsetbyname()
4652 AC_SEARCH_LIBS([res_query], [resolv])
4653 AC_SEARCH_LIBS([dn_expand], [resolv])
4654 AC_MSG_CHECKING([if res_query will link])
4655 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4656 #include <sys/types.h>
4657 #include <netinet/in.h>
4658 #include <arpa/nameser.h>
4662 res_query (0, 0, 0, 0, 0);
4664 AC_MSG_RESULT([yes]),
4665 [AC_MSG_RESULT([no])
4667 LIBS="$LIBS -lresolv"
4668 AC_MSG_CHECKING([for res_query in -lresolv])
4669 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4670 #include <sys/types.h>
4671 #include <netinet/in.h>
4672 #include <arpa/nameser.h>
4676 res_query (0, 0, 0, 0, 0);
4678 [AC_MSG_RESULT([yes])],
4680 AC_MSG_RESULT([no])])
4682 AC_CHECK_FUNCS([_getshort _getlong])
4683 AC_CHECK_DECLS([_getshort, _getlong], , ,
4684 [#include <sys/types.h>
4685 #include <arpa/nameser.h>])
4686 AC_CHECK_MEMBER([HEADER.ad],
4687 [AC_DEFINE([HAVE_HEADER_AD], [1],
4688 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4689 [#include <arpa/nameser.h>])
4692 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4693 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4695 #if HAVE_SYS_TYPES_H
4696 # include <sys/types.h>
4698 #include <netinet/in.h>
4699 #include <arpa/nameser.h>
4701 extern struct __res_state _res;
4703 struct __res_state *volatile p = &_res; /* force resolution of _res */
4706 [AC_MSG_RESULT([yes])
4707 AC_DEFINE([HAVE__RES_EXTERN], [1],
4708 [Define if you have struct __res_state _res as an extern])
4710 [ AC_MSG_RESULT([no]) ]
4713 # Check whether user wants SELinux support
4716 AC_ARG_WITH([selinux],
4717 [ --with-selinux Enable SELinux support],
4718 [ if test "x$withval" != "xno" ; then
4720 AC_DEFINE([WITH_SELINUX], [1],
4721 [Define if you want SELinux support.])
4723 AC_CHECK_HEADER([selinux/selinux.h], ,
4724 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4725 AC_CHECK_LIB([selinux], [setexeccon],
4726 [ LIBSELINUX="-lselinux"
4727 LIBS="$LIBS -lselinux"
4729 AC_MSG_ERROR([SELinux support requires libselinux library]))
4730 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4731 LIBS="$save_LIBS $LIBSELINUX"
4734 AC_SUBST([SSHDLIBS])
4736 # Check whether user wants Kerberos 5 support
4738 AC_ARG_WITH([kerberos5],
4739 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4740 [ if test "x$withval" != "xno" ; then
4741 if test "x$withval" = "xyes" ; then
4742 KRB5ROOT="/usr/local"
4747 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4750 use_pkgconfig_for_krb5=
4751 if test "x$PKGCONFIG" != "xno"; then
4752 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4753 if "$PKGCONFIG" krb5; then
4754 AC_MSG_RESULT([yes])
4755 use_pkgconfig_for_krb5=yes
4760 if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4761 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4762 K5LIBS=`$PKGCONFIG --libs krb5`
4763 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4765 AC_MSG_CHECKING([for gssapi support])
4766 if "$PKGCONFIG" krb5-gssapi; then
4767 AC_MSG_RESULT([yes])
4768 AC_DEFINE([GSSAPI], [1],
4769 [Define this if you want GSSAPI
4770 support in the version 2 protocol])
4771 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4772 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4773 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4777 AC_MSG_CHECKING([whether we are using Heimdal])
4778 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4779 ]], [[ char *tmp = heimdal_version; ]])],
4780 [ AC_MSG_RESULT([yes])
4781 AC_DEFINE([HEIMDAL], [1],
4782 [Define this if you are using the Heimdal
4783 version of Kerberos V5]) ],
4784 [AC_MSG_RESULT([no])
4787 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4788 [$KRB5ROOT/bin/krb5-config],
4789 [$KRB5ROOT/bin:$PATH])
4790 if test -x $KRB5CONF ; then
4791 K5CFLAGS="`$KRB5CONF --cflags`"
4792 K5LIBS="`$KRB5CONF --libs`"
4793 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4795 AC_MSG_CHECKING([for gssapi support])
4796 if $KRB5CONF | grep gssapi >/dev/null ; then
4797 AC_MSG_RESULT([yes])
4798 AC_DEFINE([GSSAPI], [1],
4799 [Define this if you want GSSAPI
4800 support in the version 2 protocol])
4801 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4802 GSSLIBS="`$KRB5CONF --libs gssapi`"
4803 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4807 AC_MSG_CHECKING([whether we are using Heimdal])
4808 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4809 ]], [[ char *tmp = heimdal_version; ]])],
4810 [ AC_MSG_RESULT([yes])
4811 AC_DEFINE([HEIMDAL], [1],
4812 [Define this if you are using the Heimdal
4813 version of Kerberos V5]) ],
4814 [AC_MSG_RESULT([no])
4817 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4818 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4819 AC_MSG_CHECKING([whether we are using Heimdal])
4820 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4821 ]], [[ char *tmp = heimdal_version; ]])],
4822 [ AC_MSG_RESULT([yes])
4823 AC_DEFINE([HEIMDAL])
4825 K5LIBS="$K5LIBS -lcom_err -lasn1"
4826 AC_CHECK_LIB([roken], [net_write],
4827 [K5LIBS="$K5LIBS -lroken"])
4828 AC_CHECK_LIB([des], [des_cbc_encrypt],
4829 [K5LIBS="$K5LIBS -ldes"])
4830 ], [ AC_MSG_RESULT([no])
4831 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4833 AC_SEARCH_LIBS([dn_expand], [resolv])
4835 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4836 [ AC_DEFINE([GSSAPI])
4837 GSSLIBS="-lgssapi_krb5" ],
4838 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4839 [ AC_DEFINE([GSSAPI])
4840 GSSLIBS="-lgssapi" ],
4841 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4842 [ AC_DEFINE([GSSAPI])
4844 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4848 AC_CHECK_HEADER([gssapi.h], ,
4849 [ unset ac_cv_header_gssapi_h
4850 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4851 AC_CHECK_HEADERS([gssapi.h], ,
4852 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4858 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4859 AC_CHECK_HEADER([gssapi_krb5.h], ,
4860 [ CPPFLAGS="$oldCPP" ])
4864 if test -n "${rpath_opt}" ; then
4865 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4867 if test ! -z "$blibpath" ; then
4868 blibpath="$blibpath:${KRB5ROOT}/lib"
4871 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4872 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4873 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4875 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4876 [Define this if you want to use libkafs' AFS support])])
4878 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4879 #ifdef HAVE_GSSAPI_H
4880 # include <gssapi.h>
4881 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4882 # include <gssapi/gssapi.h>
4885 #ifdef HAVE_GSSAPI_GENERIC_H
4886 # include <gssapi_generic.h>
4887 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4888 # include <gssapi/gssapi_generic.h>
4892 LIBS="$LIBS $K5LIBS"
4893 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4901 AC_SUBST([CHANNELLIBS])
4903 # Looking for programs, paths and files
4905 PRIVSEP_PATH=/var/empty
4906 AC_ARG_WITH([privsep-path],
4907 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4909 if test -n "$withval" && test "x$withval" != "xno" && \
4910 test "x${withval}" != "xyes"; then
4911 PRIVSEP_PATH=$withval
4915 AC_SUBST([PRIVSEP_PATH])
4917 AC_ARG_WITH([xauth],
4918 [ --with-xauth=PATH Specify path to xauth program ],
4920 if test -n "$withval" && test "x$withval" != "xno" && \
4921 test "x${withval}" != "xyes"; then
4927 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4928 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4929 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4930 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4931 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4932 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4933 xauth_path="/usr/openwin/bin/xauth"
4939 AC_ARG_ENABLE([strip],
4940 [ --disable-strip Disable calling strip(1) on install],
4942 if test "x$enableval" = "xno" ; then
4947 AC_SUBST([STRIP_OPT])
4949 if test -z "$xauth_path" ; then
4950 XAUTH_PATH="undefined"
4951 AC_SUBST([XAUTH_PATH])
4953 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4954 [Define if xauth is found in your path])
4955 XAUTH_PATH=$xauth_path
4956 AC_SUBST([XAUTH_PATH])
4959 dnl # --with-maildir=/path/to/mail gets top priority.
4960 dnl # if maildir is set in the platform case statement above we use that.
4961 dnl # Otherwise we run a program to get the dir from system headers.
4962 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4963 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4964 dnl # session.c expects anyway. Otherwise we set to the value found
4965 dnl # stripping any trailing slash. If for some strage reason our program
4966 dnl # does not find what it needs, we default to /var/spool/mail.
4967 # Check for mail directory
4968 AC_ARG_WITH([maildir],
4969 [ --with-maildir=/path/to/mail Specify your system mail directory],
4971 if test "X$withval" != X && test "x$withval" != xno && \
4972 test "x${withval}" != xyes; then
4973 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4974 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4977 if test "X$maildir" != "X"; then
4978 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4980 AC_MSG_CHECKING([Discovering system mail directory])
4989 #ifdef HAVE_MAILLOCK_H
4990 #include <maillock.h>
4992 #define DATA "conftest.maildir"
4997 fd = fopen(DATA,"w");
5001 #if defined (_PATH_MAILDIR)
5002 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
5004 #elif defined (MAILDIR)
5005 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
5007 #elif defined (_PATH_MAIL)
5008 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
5017 maildir_what=`awk -F: '{print $1}' conftest.maildir`
5018 maildir=`awk -F: '{print $2}' conftest.maildir \
5020 AC_MSG_RESULT([Using: $maildir from $maildir_what])
5021 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
5022 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
5026 if test "X$ac_status" = "X2";then
5027 # our test program didn't find it. Default to /var/spool/mail
5028 AC_MSG_RESULT([Using: default value of /var/spool/mail])
5029 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
5031 AC_MSG_RESULT([*** not found ***])
5035 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5042 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5043 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5044 disable_ptmx_check=yes
5046 if test -z "$no_dev_ptmx" ; then
5047 if test "x$disable_ptmx_check" != "xyes" ; then
5048 AC_CHECK_FILE(["/dev/ptmx"],
5050 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5051 [Define if you have /dev/ptmx])
5058 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5059 AC_CHECK_FILE(["/dev/ptc"],
5061 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5062 [Define if you have /dev/ptc])
5067 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5070 # Options from here on. Some of these are preset by platform above
5071 AC_ARG_WITH([mantype],
5072 [ --with-mantype=man|cat|doc Set man page type],
5079 AC_MSG_ERROR([invalid man type: $withval])
5084 if test -z "$MANTYPE"; then
5085 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5087 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5089 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5096 if test "$MANTYPE" = "doc"; then
5101 AC_SUBST([mansubdir])
5103 # Whether to disable shadow password support
5104 AC_ARG_WITH([shadow],
5105 [ --without-shadow Disable shadow password support],
5107 if test "x$withval" = "xno" ; then
5108 AC_DEFINE([DISABLE_SHADOW])
5114 if test -z "$disable_shadow" ; then
5115 AC_MSG_CHECKING([if the systems has expire shadow information])
5116 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5117 #include <sys/types.h>
5120 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5121 [ sp_expire_available=yes ], [
5124 if test "x$sp_expire_available" = "xyes" ; then
5125 AC_MSG_RESULT([yes])
5126 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5127 [Define if you want to use shadow password expire field])
5133 # Use ip address instead of hostname in $DISPLAY
5134 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5135 DISPLAY_HACK_MSG="yes"
5136 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5137 [Define if you need to use IP address
5138 instead of hostname in $DISPLAY])
5140 DISPLAY_HACK_MSG="no"
5141 AC_ARG_WITH([ipaddr-display],
5142 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5144 if test "x$withval" != "xno" ; then
5145 AC_DEFINE([IPADDR_IN_DISPLAY])
5146 DISPLAY_HACK_MSG="yes"
5152 # check for /etc/default/login and use it if present.
5153 AC_ARG_ENABLE([etc-default-login],
5154 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5155 [ if test "x$enableval" = "xno"; then
5156 AC_MSG_NOTICE([/etc/default/login handling disabled])
5157 etc_default_login=no
5159 etc_default_login=yes
5161 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5163 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5164 etc_default_login=no
5166 etc_default_login=yes
5170 if test "x$etc_default_login" != "xno"; then
5171 AC_CHECK_FILE(["/etc/default/login"],
5172 [ external_path_file=/etc/default/login ])
5173 if test "x$external_path_file" = "x/etc/default/login"; then
5174 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5175 [Define if your system has /etc/default/login])
5179 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5180 if test $ac_cv_func_login_getcapbool = "yes" && \
5181 test $ac_cv_header_login_cap_h = "yes" ; then
5182 external_path_file=/etc/login.conf
5185 # Whether to mess with the default path
5186 SERVER_PATH_MSG="(default)"
5187 AC_ARG_WITH([default-path],
5188 [ --with-default-path= Specify default $PATH environment for server],
5190 if test "x$external_path_file" = "x/etc/login.conf" ; then
5192 --with-default-path=PATH has no effect on this system.
5193 Edit /etc/login.conf instead.])
5194 elif test "x$withval" != "xno" ; then
5195 if test ! -z "$external_path_file" ; then
5197 --with-default-path=PATH will only be used if PATH is not defined in
5198 $external_path_file .])
5200 user_path="$withval"
5201 SERVER_PATH_MSG="$withval"
5204 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
5205 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5207 if test ! -z "$external_path_file" ; then
5209 If PATH is defined in $external_path_file, ensure the path to scp is included,
5210 otherwise scp will not work.])
5214 /* find out what STDPATH is */
5220 #ifndef _PATH_STDPATH
5221 # ifdef _PATH_USERPATH /* Irix */
5222 # define _PATH_STDPATH _PATH_USERPATH
5224 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5227 #include <sys/types.h>
5228 #include <sys/stat.h>
5230 #define DATA "conftest.stdpath"
5235 fd = fopen(DATA,"w");
5239 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5244 [ user_path=`cat conftest.stdpath` ],
5245 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5246 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5248 # make sure $bindir is in USER_PATH so scp will work
5249 t_bindir="${bindir}"
5250 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5251 t_bindir=`eval echo ${t_bindir}`
5253 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5256 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5259 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5260 if test $? -ne 0 ; then
5261 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5262 if test $? -ne 0 ; then
5263 user_path=$user_path:$t_bindir
5264 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5269 if test "x$external_path_file" != "x/etc/login.conf" ; then
5270 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5271 AC_SUBST([user_path])
5274 # Set superuser path separately to user path
5275 AC_ARG_WITH([superuser-path],
5276 [ --with-superuser-path= Specify different path for super-user],
5278 if test -n "$withval" && test "x$withval" != "xno" && \
5279 test "x${withval}" != "xyes"; then
5280 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5281 [Define if you want a different $PATH
5283 superuser_path=$withval
5289 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5290 IPV4_IN6_HACK_MSG="no"
5292 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5294 if test "x$withval" != "xno" ; then
5295 AC_MSG_RESULT([yes])
5296 AC_DEFINE([IPV4_IN_IPV6], [1],
5297 [Detect IPv4 in IPv6 mapped addresses
5299 IPV4_IN6_HACK_MSG="yes"
5304 if test "x$inet6_default_4in6" = "xyes"; then
5305 AC_MSG_RESULT([yes (default)])
5306 AC_DEFINE([IPV4_IN_IPV6])
5307 IPV4_IN6_HACK_MSG="yes"
5309 AC_MSG_RESULT([no (default)])
5314 # Whether to enable BSD auth support
5316 AC_ARG_WITH([bsd-auth],
5317 [ --with-bsd-auth Enable BSD auth support],
5319 if test "x$withval" != "xno" ; then
5320 AC_DEFINE([BSD_AUTH], [1],
5321 [Define if you have BSD auth support])
5327 # Where to place sshd.pid
5329 # make sure the directory exists
5330 if test ! -d $piddir ; then
5331 piddir=`eval echo ${sysconfdir}`
5333 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5337 AC_ARG_WITH([pid-dir],
5338 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5340 if test -n "$withval" && test "x$withval" != "xno" && \
5341 test "x${withval}" != "xyes"; then
5343 if test ! -d $piddir ; then
5344 AC_MSG_WARN([** no $piddir directory on this system **])
5350 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5351 [Specify location of ssh.pid])
5354 dnl allow user to disable some login recording features
5355 AC_ARG_ENABLE([lastlog],
5356 [ --disable-lastlog disable use of lastlog even if detected [no]],
5358 if test "x$enableval" = "xno" ; then
5359 AC_DEFINE([DISABLE_LASTLOG])
5363 AC_ARG_ENABLE([utmp],
5364 [ --disable-utmp disable use of utmp even if detected [no]],
5366 if test "x$enableval" = "xno" ; then
5367 AC_DEFINE([DISABLE_UTMP])
5371 AC_ARG_ENABLE([utmpx],
5372 [ --disable-utmpx disable use of utmpx even if detected [no]],
5374 if test "x$enableval" = "xno" ; then
5375 AC_DEFINE([DISABLE_UTMPX], [1],
5376 [Define if you don't want to use utmpx])
5380 AC_ARG_ENABLE([wtmp],
5381 [ --disable-wtmp disable use of wtmp even if detected [no]],
5383 if test "x$enableval" = "xno" ; then
5384 AC_DEFINE([DISABLE_WTMP])
5388 AC_ARG_ENABLE([wtmpx],
5389 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5391 if test "x$enableval" = "xno" ; then
5392 AC_DEFINE([DISABLE_WTMPX], [1],
5393 [Define if you don't want to use wtmpx])
5397 AC_ARG_ENABLE([libutil],
5398 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5400 if test "x$enableval" = "xno" ; then
5401 AC_DEFINE([DISABLE_LOGIN])
5405 AC_ARG_ENABLE([pututline],
5406 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5408 if test "x$enableval" = "xno" ; then
5409 AC_DEFINE([DISABLE_PUTUTLINE], [1],
5410 [Define if you don't want to use pututline()
5411 etc. to write [uw]tmp])
5415 AC_ARG_ENABLE([pututxline],
5416 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5418 if test "x$enableval" = "xno" ; then
5419 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5420 [Define if you don't want to use pututxline()
5421 etc. to write [uw]tmpx])
5425 AC_ARG_WITH([lastlog],
5426 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5428 if test "x$withval" = "xno" ; then
5429 AC_DEFINE([DISABLE_LASTLOG])
5430 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5431 conf_lastlog_location=$withval
5436 dnl lastlog, [uw]tmpx? detection
5437 dnl NOTE: set the paths in the platform section to avoid the
5438 dnl need for command-line parameters
5439 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5441 dnl lastlog detection
5442 dnl NOTE: the code itself will detect if lastlog is a directory
5443 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5445 #include <sys/types.h>
5447 #ifdef HAVE_LASTLOG_H
5448 # include <lastlog.h>
5456 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5457 [ AC_MSG_RESULT([yes]) ],
5460 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5461 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5462 #include <sys/types.h>
5464 #ifdef HAVE_LASTLOG_H
5465 # include <lastlog.h>
5470 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5471 [ AC_MSG_RESULT([yes]) ],
5474 system_lastlog_path=no
5478 if test -z "$conf_lastlog_location"; then
5479 if test x"$system_lastlog_path" = x"no" ; then
5480 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5481 if (test -d "$f" || test -f "$f") ; then
5482 conf_lastlog_location=$f
5485 if test -z "$conf_lastlog_location"; then
5486 AC_MSG_WARN([** Cannot find lastlog **])
5487 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5492 if test -n "$conf_lastlog_location"; then
5493 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5494 [Define if you want to specify the path to your lastlog file])
5498 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5500 #include <sys/types.h>
5505 ]], [[ char *utmp = UTMP_FILE; ]])],
5506 [ AC_MSG_RESULT([yes]) ],
5507 [ AC_MSG_RESULT([no])
5510 if test -z "$conf_utmp_location"; then
5511 if test x"$system_utmp_path" = x"no" ; then
5512 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5513 if test -f $f ; then
5514 conf_utmp_location=$f
5517 if test -z "$conf_utmp_location"; then
5518 AC_DEFINE([DISABLE_UTMP])
5522 if test -n "$conf_utmp_location"; then
5523 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5524 [Define if you want to specify the path to your utmp file])
5528 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5529 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5530 #include <sys/types.h>
5535 ]], [[ char *wtmp = WTMP_FILE; ]])],
5536 [ AC_MSG_RESULT([yes]) ],
5537 [ AC_MSG_RESULT([no])
5540 if test -z "$conf_wtmp_location"; then
5541 if test x"$system_wtmp_path" = x"no" ; then
5542 for f in /usr/adm/wtmp /var/log/wtmp; do
5543 if test -f $f ; then
5544 conf_wtmp_location=$f
5547 if test -z "$conf_wtmp_location"; then
5548 AC_DEFINE([DISABLE_WTMP])
5552 if test -n "$conf_wtmp_location"; then
5553 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5554 [Define if you want to specify the path to your wtmp file])
5558 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5559 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5560 #include <sys/types.h>
5568 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5569 [ AC_MSG_RESULT([yes]) ],
5570 [ AC_MSG_RESULT([no])
5571 system_wtmpx_path=no
5573 if test -z "$conf_wtmpx_location"; then
5574 if test x"$system_wtmpx_path" = x"no" ; then
5575 AC_DEFINE([DISABLE_WTMPX])
5578 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5579 [Define if you want to specify the path to your wtmpx file])
5583 if test ! -z "$blibpath" ; then
5584 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5585 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5588 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5589 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5590 AC_DEFINE([DISABLE_LASTLOG])
5593 #ifdef HAVE_SYS_TYPES_H
5594 #include <sys/types.h>
5602 #ifdef HAVE_LASTLOG_H
5603 #include <lastlog.h>
5607 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5608 AC_DEFINE([DISABLE_UTMP])
5609 AC_DEFINE([DISABLE_WTMP])
5611 #ifdef HAVE_SYS_TYPES_H
5612 #include <sys/types.h>
5620 #ifdef HAVE_LASTLOG_H
5621 #include <lastlog.h>
5625 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5627 CFLAGS="$CFLAGS $werror_flags"
5629 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5634 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5635 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5636 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5637 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5638 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5639 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5641 # Binaries for interop tests.
5642 AC_PATH_PROG([PLINK], [plink])
5643 AC_PATH_PROG([PUTTYGEN], [puttygen])
5644 AC_PATH_PROG([CONCH], [conch])
5645 AC_PATH_PROG([DROPBEAR], [dropbear])
5646 AC_PATH_PROG([DBCLIENT], [dbclient])
5647 AC_PATH_PROG([DROPBEARKEY], [dropbearkey])
5648 AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert])
5650 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5651 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5653 # Make a copy of CFLAGS/LDFLAGS without PIE options.
5654 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5655 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5656 AC_SUBST([LDFLAGS_NOPIE])
5657 AC_SUBST([CFLAGS_NOPIE])
5660 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5661 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5665 # Print summary of options
5667 # Someone please show me a better way :)
5668 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5669 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5670 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5671 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5672 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5673 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5674 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5675 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5676 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5677 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5680 echo "OpenSSH has been configured with the following options:"
5681 echo " User binaries: $B"
5682 echo " System binaries: $C"
5683 echo " Configuration files: $D"
5684 echo " Askpass program: $E"
5685 echo " Manual pages: $F"
5686 echo " PID file: $G"
5687 echo " Privilege separation chroot path: $H"
5688 if test "x$external_path_file" = "x/etc/login.conf" ; then
5689 echo " At runtime, sshd will use the path defined in $external_path_file"
5690 echo " Make sure the path to scp is present, otherwise scp will not work"
5692 echo " sshd default user PATH: $I"
5693 if test ! -z "$external_path_file"; then
5694 echo " (If PATH is set in $external_path_file it will be used instead. If"
5695 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5698 if test ! -z "$superuser_path" ; then
5699 echo " sshd superuser user PATH: $J"
5701 echo " Manpage format: $MANTYPE"
5702 echo " PAM support: $PAM_MSG"
5703 echo " OSF SIA support: $SIA_MSG"
5704 echo " KerberosV support: $KRB5_MSG"
5705 echo " SELinux support: $SELINUX_MSG"
5706 echo " TCP Wrappers support: $TCPW_MSG"
5707 echo " libedit support: $LIBEDIT_MSG"
5708 echo " libldns support: $LDNS_MSG"
5709 echo " Solaris process contract support: $SPC_MSG"
5710 echo " Solaris project support: $SP_MSG"
5711 echo " Solaris privilege support: $SPP_MSG"
5712 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5713 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5714 echo " BSD Auth support: $BSD_AUTH_MSG"
5715 echo " Random number source: $RAND_MSG"
5716 echo " Privsep sandbox style: $SANDBOX_STYLE"
5717 echo " PKCS#11 support: $enable_pkcs11"
5718 echo " U2F/FIDO support: $enable_sk"
5722 echo " Host: ${host}"
5723 echo " Compiler: ${CC}"
5724 echo " Compiler flags: ${CFLAGS}"
5725 echo "Preprocessor flags: ${CPPFLAGS}"
5726 echo " Linker flags: ${LDFLAGS}"
5727 echo " Libraries: ${LIBS}"
5728 if test ! -z "${CHANNELLIBS}"; then
5729 echo " +for channels: ${CHANNELLIBS}"
5731 if test ! -z "${LIBFIDO2}"; then
5732 echo " +for FIDO2: ${LIBFIDO2}"
5734 if test ! -z "${SSHDLIBS}"; then
5735 echo " +for sshd: ${SSHDLIBS}"
5740 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5741 echo "SVR4 style packages are supported with \"make package\""
5745 if test "x$PAM_MSG" = "xyes" ; then
5746 echo "PAM is enabled. You may need to install a PAM control file "
5747 echo "for sshd, otherwise password authentication may fail. "
5748 echo "Example PAM control files can be found in the contrib/ "
5753 if test ! -z "$NO_PEERCHECK" ; then
5754 echo "WARNING: the operating system that you are using does not"
5755 echo "appear to support getpeereid(), getpeerucred() or the"
5756 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5757 echo "enforce security checks to prevent unauthorised connections to"
5758 echo "ssh-agent. Their absence increases the risk that a malicious"
5759 echo "user can connect to your agent."
5763 if test "$AUDIT_MODULE" = "bsm" ; then
5764 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5765 echo "See the Solaris section in README.platform for details."